Software / code / prosody-modules
Changeset
5666:73c3d5bfce3e
mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt
If the OIDC 'prompt' parameter does not contain the 'select_account'
then it wants us to skip account selection, which means we have to
figure which account to authenticate somehow. One way could be have
this stored in a cookie from a previous successful login. Another way
would be to have the account passed as a hint, which is what we add
here.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 09 Sep 2023 21:42:24 +0200 |
| parents | 5665:7c105277a9ca |
| children | 5667:23f336cec200 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Aug 27 09:49:35 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Sep 09 21:42:24 2023 +0200 @@ -864,7 +864,7 @@ -- Client wants no interaction, only confirmation of prior login and -- consent, but this is not implemented. return error_response(request, redirect_uri, oauth_error("interaction_required")); - elseif not prompt:contains("select_account") then + elseif not prompt:contains("select_account") and not params.login_hint then -- TODO If the login page is split into account selection followed by login -- (e.g. password), and then the account selection could be skipped iff the -- 'login_hint' parameter is present.
