# HG changeset patch
# User Kim Alvefur
# Date 1748905897 -7200
# Node ID b460b2a65f0b4af3f4e4b9a8be57cfef46c7a2ce
# Parent f96923cd35f6352f1a1207018a8917adfd5a43e3
mod_http_oauth2: Remove now redundant client_id check from remaining grant handlers

Missed these in 2505542c6c50

diff -r f96923cd35f6 -r b460b2a65f0b mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Jun 03 10:45:45 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Jun 03 01:11:37 2025 +0200
@@ -552,21 +552,9 @@
 return json.encode(new_access_token(code.granted_jid, code.granted_role, code.granted_scopes, client, code.id_token));
 end
 
-function grant_type_handlers.refresh_token(params)
- if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end
- if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
+function grant_type_handlers.refresh_token(params, client)
 if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end
 
- local client = check_client(params.client_id);
- if not client then
- return oauth_error("invalid_client", "incorrect credentials");
- end
-
- if not verify_client_secret(params.client_id, params.client_secret) then
- module:log("debug", "client_secret mismatch");
- return oauth_error("invalid_client", "incorrect credentials");
- end
-
 local refresh_token_info = tokens.get_token_info(params.refresh_token);
 if not refresh_token_info or refresh_token_info.purpose ~= "oauth2-refresh" then
 return oauth_error("invalid_grant", "invalid refresh token");
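Review bot: The new `client` parameter of `grant_type_handlers.refresh_token` carries an undocumented precondition: the handler no longer authenticates the client itself, so it is only safe when the caller has already verified `client_id` and `client_secret`. That check lives outside this hunk (the commit message points to 2505542c6c50), so a comment above the signature would keep the trust boundary visible, e.g. `-- 'client' must already be authenticated by the token endpoint; this handler performs no client authentication`. The same applies to `grant_type_handlers[device_uri]` in the second hunk. The rest of the body is outside the hunk, so whether the refresh token is also checked against the authenticated `client` cannot be confirmed from here and is worth verifying.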
@@ -598,21 +586,9 @@
 return json.encode(new_access_token(refresh_token_info.jid, role, new_scopes, client, nil, refresh_token_info));
 end
 
-grant_type_handlers[device_uri] = function(params)
- if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end
- if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
+grant_type_handlers[device_uri] = function(params, client)
 if not params.device_code then return oauth_error("invalid_request", "missing 'device_code'"); end
 
- local client = check_client(params.client_id);
- if not client then
- return oauth_error("invalid_client", "incorrect credentials");
- end
-
- if not verify_client_secret(params.client_id, params.client_secret) then
- module:log("debug", "client_secret mismatch");
- return oauth_error("invalid_client", "incorrect credentials");
- end
-
 local code = codes:get("device_code:" .. params.client_id .. "#" .. params.device_code);
 if type(code) ~= "table" or code_expired(code) then
 return oauth_error("expired_token");
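Review bot: The lookup key on the `codes:get(...)` context line is still built from `params.client_id`, although the presence check for that field was removed from this handler and the authenticated identity now arrives as `client`. If the caller can authenticate a client without `params.client_id` being set, the concatenation would raise on a nil value. If the field is filled from a different source than `client`, the device code would be looked up under an identifier that was not the one authenticated. Both cases depend on dispatcher code outside this hunk. Consider stating the assumption next to the lookup, `-- params.client_id was validated by the caller and refers to the same client as 'client'`, or deriving the key from the authenticated client; the handler body continues past the hunk.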