Software / code / prosody-modules
Changeset
5223:8b2a36847912
mod_http_oauth2: Support HTTP Basic auth on token endpoint
This is described in RFC 6749 section 2.3.1 and draft-ietf-oauth-v2-1-07 2.3.1
as the recommended way to transmit the client's credentials.
The older spec even calls it the "client password", but the new spec clarifies
that this is just another term for the client secret.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 07 Mar 2023 15:27:50 +0000 |
| parents | 5222:578a72982bb2 |
| children | 5224:cd5cf4cc6304 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 07 15:18:41 2023 +0000 +++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 07 15:27:50 2023 +0000 @@ -456,11 +456,19 @@ end function handle_token_grant(event) + local credentials = get_request_credentials(event.request); + event.response.headers.content_type = "application/json"; local params = http.formdecode(event.request.body); if not params then return error_response(event.request, oauth_error("invalid_request")); end + + if credentials.type == "basic" then + params.client_id = http.urldecode(credentials.username); + params.client_secret = http.urldecode(credentials.password); + end + local grant_type = params.grant_type local grant_handler = grant_type_handlers[grant_type]; if not grant_handler then
