
mod_http_oauth2/mod_http_oauth2.lua @ 5510:a49d73e4262e

mod_http_oauth2: Add client verification wrapper function. Fixes the weird `ok, data` return format from util.jwt, but the real reason is to add some preparation steps here.
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:12:46 +0200
parent 5509:ae007be8a6bd
child 5511:0860497152af
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 02 08:59:59 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Jun 02 10:12:46 2023 +0200
@@ -97,6 +97,17 @@
 	sign_client, verify_client = jwt.init(registration_algo, registration_key, registration_key, registration_options);
 end
 
+-- verify and prepare client structure
+local function check_client(client_id)
+	if not verify_client then
+		return nil, "client-registration-not-enabled";
+	end
+
+	local ok, client = verify_client(client_id);
+	if not ok then return ok, client; end
+	return client;
+end
+
 -- scope : string | array | set
 --
 -- at each step, allow the same or a subset of scopes
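Review bot: `check_client` returns a reason string on failure (`"client-registration-not-enabled"`, or whatever `verify_client` reports), but the one-line comment above it does not document that contract, and every call site changed in this commit (the hunks at -409, -444 and -704) keeps only the first return value. As a result, a disabled registration key and a client_id that fails verification both surface as the same OAuth error, with nothing in the logs to tell an operator which one occurred. I would expand the comment to say the function returns the client table on success and a falsy value plus an error string otherwise, and log the reason inside the wrapper before returning, for example `module:log("debug", "client_id verification failed: %s", tostring(client));` in the `not ok` branch. Keeping the response to the requester generic is fine; the detail belongs in the log only.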
@@ -409,8 +420,8 @@
 		return oauth_error("invalid_scope", "unknown scope requested");
 	end
 
-	local client_ok, client = verify_client(params.client_id);
-	if not client_ok then
+	local client = check_client(params.client_id);
+	if not client then
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
@@ -444,8 +455,8 @@
 	if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
 	if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end
 
-	local client_ok, client = verify_client(params.client_id);
-	if not client_ok then
+	local client = check_client(params.client_id);
+	if not client then
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
@@ -704,9 +715,9 @@
 		return render_error(oauth_error("invalid_request", "Missing 'client_id' parameter"));
 	end
 
-	local ok, client = verify_client(params.client_id);
+	local client = check_client(params.client_id);
 
-	if not ok then
+	if not client then
 		return render_error(oauth_error("invalid_request", "Invalid 'client_id' parameter"));
 	end