prosody-modules
9b03238d4e0e
mod_auth_custom_http/mod_auth_custom_http.lua
Software / code / prosody-modules
File
mod_auth_custom_http/mod_auth_custom_http.lua @ 6334:9b03238d4e0e
mod_http_oauth2: Only issue id_token when granted openid scope
OpenID Connect Core 1.0 states that OIDC is only being done if the
"openid" scope is included.
https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1
Less details given out by default is good for privacy and byte count.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 15 Jul 2025 01:46:38 +0200 |
| parent | 3989:32d7f05e062f |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local new_sasl = require "util.sasl".new; local json = require "util.json"; prosody.unlock_globals(); local http = require "socket.http"; prosody.lock_globals(); local options = module:get_option("auth_custom_http"); local post_url = options and options.post_url; assert(post_url, "No HTTP POST URL provided"); local provider = {}; function provider.test_password(username, password) return nil, "Not supported" end function provider.get_password(username) return nil, "Not supported" end function provider.set_password(username, password) return nil, "Not supported" end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "Not supported" end function provider.delete_user(username) return nil, "Not supported" end function provider.get_sasl_handler() local getpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local postdata = json.encode({ username = username, password = password }); local result = http.request(post_url, postdata); return result == "true", true; end, }; return new_sasl(module.host, getpass_authentication_profile); end module:provides("auth", provider);
