Software /
code /
prosody-modules
File
mod_s2sout_override/mod_s2sout_override.lua @ 5819:93d6e9026c1b
mod_http_oauth2: Do not enforce PKCE on Device and OOB flows
PKCE does not appear to be used with the Device flow. I have found no
mention of any interaction between those standards. Since no data is
delivered via redirects in these cases, PKCE may not serve any purpose.
This is mostly a problem because we reuse the authorization code to
implement the Device and OOB flows.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 15 Dec 2023 12:10:07 +0100 |
parent | 5632:ae62d92506dc |
line wrap: on
line source
--% requires: s2sout-pre-connect-event local url = require"socket.url"; local basic_resolver = require "net.resolvers.basic"; local override_for = module:get_option(module.name, {}); -- map of host to "tcp://example.com:5269" module:hook("s2sout-pre-connect", function(event) local override = override_for[event.session.to_host] or override_for[event.session.to_host:gsub("^[^.]+%.", "*.")] or override_for["*"]; if type(override) == "string" then override = url.parse(override); end if type(override) == "table" and override.scheme == "tcp" and type(override.host) == "string" then event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5269, override.scheme, {}); elseif type(override) == "table" and override.scheme == "tls" and type(override.host) == "string" then event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5270, "tcp", { servername = event.session.to_host; sslctx = event.session.ssl_ctx }); end end);