Comparison

mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5436:e7d99bacd0e8

mod_auth_oauth_external: Make 'scope' configurable in password grant request Needed by some OAuth servers, tested here with Mastodon
author Kim Alvefur <zash@zash.se>
date Wed, 10 May 2023 12:39:05 +0200
parent 5435:b3e7886fea6a
child 5437:49306afbf722
comparison
equal deleted inserted replaced
5435:b3e7886fea6a 5436:e7d99bacd0e8
15 15
16 -- XXX Hold up, does whatever done here even need any of these things? Are we 16 -- XXX Hold up, does whatever done here even need any of these things? Are we
17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we???
18 local client_id = module:get_option_string("oauth_external_client_id"); 18 local client_id = module:get_option_string("oauth_external_client_id");
19 local client_secret = module:get_option_string("oauth_external_client_secret"); 19 local client_secret = module:get_option_string("oauth_external_client_secret");
20 local scope = module:get_option_string("oauth_external_scope", "openid");
20 21
21 --[[ More or less required endpoints 22 --[[ More or less required endpoints
22 digraph "oauth endpoints" { 23 digraph "oauth endpoints" {
23 issuer -> discovery -> { registration validation } 24 issuer -> discovery -> { registration validation }
24 registration -> { client_id client_secret } 25 registration -> { client_id client_secret }
42 grant_type = "password"; 43 grant_type = "password";
43 client_id = client_id; 44 client_id = client_id;
44 client_secret = client_secret; 45 client_secret = client_secret;
45 username = map_username(username, realm); 46 username = map_username(username, realm);
46 password = password; 47 password = password;
47 scope = "openid"; 48 scope = scope;
48 }); 49 });
49 })) 50 }))
50 if err or not (tok.code >= 200 and tok.code < 300) then 51 if err or not (tok.code >= 200 and tok.code < 300) then
51 return false, nil; 52 return false, nil;
52 end 53 end