
mod_http_oauth2/mod_http_oauth2.lua @ 6240:ab14e7ecb82f

mod_http_oauth2: Allow JIDs as username for password grant
author magicfelix <felix@felix-zauberer.de>
date Sat, 19 Apr 2025 20:32:37 +0200
parent 6239:a931a95e363e
child 6245:ea58d2893afb
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 19 18:30:57 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 19 20:32:37 2025 +0200
@@ -134,6 +134,7 @@
 
 local pkce_required = module:get_option_boolean("oauth2_require_code_challenge", true);
 local respect_prompt = module:get_option_boolean("oauth2_respect_oidc_prompt", false);
+local expect_username_jid = module:get_option_boolean("oauth2_expect_username_jid", false);
 
 local verification_key;
 local sign_client, verify_client;
@@ -419,7 +420,21 @@
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
-	local request_username = assert(params.username, oauth_error("invalid_request", "missing 'username'"));
+	local request_username
+
+	if expect_username_jid then
+		local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
+		local _request_username, request_host, request_resource = jid.prepped_split(request_jid);
+
+		if not (_request_username and request_host) or request_host ~= module.host then
+			return oauth_error("invalid_request", "invalid JID");
+		end
+
+		request_username = _request_username
+	else
+		request_username = assert(params.username, oauth_error("invalid_request", "missing 'username'"));
+	end
+
 	local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
 
 	if not usermanager.test_password(request_username, module.host, request_password) then
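Review bot: The JID branch unpacks `request_resource` from `jid.prepped_split` and then ignores it, so a full JID such as `user@host/resource` is accepted and silently mapped to the bare account; if a resource is not meant to be part of a password-grant username, the check should reject it too, e.g. `if not (_request_username and request_host) or request_host ~= module.host or request_resource then`. As written the unused local will also be flagged by luacheck, and rejecting unexpected input is the safer default for a credential endpoint. A smaller point of style: `local request_username` and `request_username = _request_username` omit the trailing semicolons used on every surrounding line of this file. The enclosing grant handler starts before and continues after this hunk.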