Software /
code /
prosody-modules
File
mod_auth_custom_http/mod_auth_custom_http.lua @ 5367:93d445b26063
mod_http_oauth2: Validate redirect URI depending on application type
Per https://openid.net/specs/openid-connect-registration-1_0.html
require that web applications use https:// and native applications must
use either http://localhost or a custom (non-https) URI.
Previous requirement that hostname matches that of client_uri is kept
for web applications.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 25 Apr 2023 19:49:41 +0200 |
parent | 3989:32d7f05e062f |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local new_sasl = require "util.sasl".new; local json = require "util.json"; prosody.unlock_globals(); local http = require "socket.http"; prosody.lock_globals(); local options = module:get_option("auth_custom_http"); local post_url = options and options.post_url; assert(post_url, "No HTTP POST URL provided"); local provider = {}; function provider.test_password(username, password) return nil, "Not supported" end function provider.get_password(username) return nil, "Not supported" end function provider.set_password(username, password) return nil, "Not supported" end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "Not supported" end function provider.delete_user(username) return nil, "Not supported" end function provider.get_sasl_handler() local getpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local postdata = json.encode({ username = username, password = password }); local result = http.request(post_url, postdata); return result == "true", true; end, }; return new_sasl(module.host, getpass_authentication_profile); end module:provides("auth", provider);