
mod_http_oauth2/mod_http_oauth2.lua @ 5262:e73f364b5624

mod_http_oauth2: Rename oauth client credential related functions

To make it more explicit what "secret" these deal with.
author Kim Alvefur <zash@zash.se>
date Tue, 21 Mar 2023 21:36:54 +0100
parent 5259:8fba651b10ef
child 5263:381c62ef52aa
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 15:26:03 2023 +0000
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 21:36:54 2023 +0100
@@ -284,12 +284,12 @@
 	}
 end
 
-local function make_secret(client_id) --> client_secret
+local function make_client_secret(client_id) --> client_secret
 	return hashes.hmac_sha256(verification_key, client_id, true);
 end
 
-local function verify_secret(client_id, client_secret)
-	return hashes.equals(make_secret(client_id), client_secret);
+local function verify_client_secret(client_id, client_secret)
+	return hashes.equals(make_client_secret(client_id), client_secret);
 end
 
 function grant_type_handlers.authorization_code(params)
@@ -305,7 +305,7 @@
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
-	if not verify_secret(params.client_id, params.client_secret) then
+	if not verify_client_secret(params.client_id, params.client_secret) then
 		module:log("debug", "client_secret mismatch");
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
@@ -552,7 +552,7 @@
 	end
 
 	local user_jid = jid.join(auth_state.user.username, module.host);
-	local client_secret = make_secret(params.client_id);
+	local client_secret = make_client_secret(params.client_id);
 	local id_token_signer = jwt.new_signer("HS256", client_secret);
 	local id_token = id_token_signer({
 		iss = get_issuer();
@@ -675,7 +675,7 @@
 
 	-- Do we want to keep everything?
 	local client_id = jwt_sign(client_metadata);
-	local client_secret = make_secret(client_id);
+	local client_secret = make_client_secret(client_id);
 
 	client_metadata.client_id = client_id;
 	client_metadata.client_secret = client_secret;