Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5230:ac252db71027

mod_http_oauth2: Log flows enabled and disabled If a developer ever wants to be sure what the state is
author Kim Alvefur <zash@zash.se>
date Fri, 10 Mar 2023 12:01:52 +0100
parent 5229:c24a622a7b85
child 5231:bef543068077
comparison
equal deleted inserted replaced
5229:c24a622a7b85 5230:ac252db71027
443 end 443 end
444 444
445 local allowed_grant_type_handlers = module:get_option_set("allowed_oauth2_grant_types", {"authorization_code", "password"}) 445 local allowed_grant_type_handlers = module:get_option_set("allowed_oauth2_grant_types", {"authorization_code", "password"})
446 for handler_type in pairs(grant_type_handlers) do 446 for handler_type in pairs(grant_type_handlers) do
447 if not allowed_grant_type_handlers:contains(handler_type) then 447 if not allowed_grant_type_handlers:contains(handler_type) then
448 module:log("debug", "Grant type %q disabled", handler_type);
448 grant_type_handlers[handler_type] = nil; 449 grant_type_handlers[handler_type] = nil;
450 else
451 module:log("debug", "Grant type %q enabled", handler_type);
449 end 452 end
450 end 453 end
451 454
452 -- "token" aka implicit flow is considered insecure 455 -- "token" aka implicit flow is considered insecure
453 local allowed_response_type_handlers = module:get_option_set("allowed_oauth2_response_types", {"code"}) 456 local allowed_response_type_handlers = module:get_option_set("allowed_oauth2_response_types", {"code"})
454 for handler_type in pairs(response_type_handlers) do 457 for handler_type in pairs(response_type_handlers) do
455 if not allowed_response_type_handlers:contains(handler_type) then 458 if not allowed_response_type_handlers:contains(handler_type) then
459 module:log("debug", "Response type %q disabled", handler_type);
456 grant_type_handlers[handler_type] = nil; 460 grant_type_handlers[handler_type] = nil;
461 else
462 module:log("debug", "Response type %q enabled", handler_type);
457 end 463 end
458 end 464 end
459 465
460 function handle_token_grant(event) 466 function handle_token_grant(event)
461 local credentials = get_request_credentials(event.request); 467 local credentials = get_request_credentials(event.request);