Software /
code /
prosody-modules
Comparison
mod_rest/example/rest.sh @ 5387:e3fc52b40064
mod_rest/rest.sh: Implement RFC 7636 PKCE with the 'plain' method
The S256 code challenge method left as a future exercise.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 29 Apr 2023 14:06:51 +0200 |
parent | 5380:822d26271d9f |
child | 5430:48c643c851f3 |
comparison
equal
deleted
inserted
replaced
5386:6f13200c9fc1 | 5387:e3fc52b40064 |
---|---|
86 ACCESS_TOKEN="" | 86 ACCESS_TOKEN="" |
87 fi | 87 fi |
88 fi | 88 fi |
89 | 89 |
90 if [ -z "${ACCESS_TOKEN:-}" ]; then | 90 if [ -z "${ACCESS_TOKEN:-}" ]; then |
91 open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&scope=openid+prosody:user" | 91 CODE_CHALLENGE="$(head -c 33 /dev/urandom | base64 | tr /+ _-)" |
92 open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&code_challenge=$CODE_CHALLENGE&scope=openid+prosody:user" | |
92 read -p "Paste authorization code: " -s -r AUTHORIZATION_CODE | 93 read -p "Paste authorization code: " -s -r AUTHORIZATION_CODE |
93 | 94 |
94 TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=authorization_code' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "code=$AUTHORIZATION_CODE")" | 95 TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=authorization_code' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "code=$AUTHORIZATION_CODE" code_verifier="$CODE_CHALLENGE")" |
95 ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -e -r '.access_token')" | 96 ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -e -r '.access_token')" |
96 REFRESH_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -r '.refresh_token')" | 97 REFRESH_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -r '.refresh_token')" |
97 | 98 |
98 if [ "$REFRESH_TOKEN" != "null" ]; then | 99 if [ "$REFRESH_TOKEN" != "null" ]; then |
99 # FIXME Better type check would be nice, but nobody should ever have the | 100 # FIXME Better type check would be nice, but nobody should ever have the |