Software / code / prosody-modules
Changeset
5181:2c6acf2d6fd4
mod_http_oauth2: Fix removal of consumed authorization codes
Fixes mod_http_oauth2.lua:34: bad argument #2 to 'difftime' (number expected, got nil)
The extra preceding argument to :set stored the client-id#code as a value
instead of clearing the key, and then later in the periodic cleanup
timer this string would be indexed, producing a nil and a traceback
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 01 Mar 2023 21:11:48 +0100 |
| parents | 5180:6361afcda1a3 |
| children | 5182:20ba6340f524 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Mar 01 13:21:29 2023 +0000 +++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Mar 01 21:11:48 2023 +0100 @@ -166,7 +166,7 @@ module:log("debug", "authorization_code invalid or expired: %q", code); return oauth_error("invalid_client", "incorrect credentials"); end - assert(codes:set(client_owner, client_id .. "#" .. params.code, nil)); + assert(codes:set(client_id .. "#" .. params.code, nil)); return json.encode(new_access_token(code.granted_jid, code.granted_scopes, nil)); end
