Changeset
6207:a1a33f0f6f6e
mod_http_oauth2: Reorder HTTP handler (noop)
More in the order they might be used, related paths together.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 16 Mar 2025 21:56:25 +0100 |
parents | 6206:ac7e2992fe6e |
children | 6211:750d64c47ec6 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 19 insertions(+), 21 deletions(-) [+] |
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 16 17:04:51 2025 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 16 21:56:25 2025 +0100
@@ -1584,6 +1584,7 @@
 -- This is the normal 'authorization_code' flow.
 -- Step 1. Create OAuth client
+ ["GET /register"] = { headers = { content_type = "application/schema+json" }; body = json.encode(registration_schema) };
 ["POST /register"] = handle_register_request;
 -- Device flow
@@ -1595,24 +1596,6 @@
 ["POST /authorize"] = handle_authorization_request;
 ["OPTIONS /authorize"] = { status_code = 403; body = "" };
- -- Step 3. User is redirected to the 'redirect_uri' along with an
- -- authorization code. In the insecure 'implicit' flow, the access token
- -- is delivered here.
-
- -- Step 4. Retrieve access token using the code.
- ["POST /token"] = handle_token_grant;
-
- -- Step 4 is later repeated using the refresh token to get new access tokens.
-
- -- Step 5. Revoke token (access or refresh)
- ["POST /revoke"] = handle_revocation_request;
-
- -- Get info about a token
- ["POST /introspect"] = handle_introspection_request;
-
- -- OpenID
- ["GET /userinfo"] = handle_userinfo_request;
-
 -- Optional static content for templates
 ["GET /style.css"] = templates.css and {
 headers = {
@@ -1627,11 +1610,26 @@
 body = templates.js;
 } or nil;
- -- Some convenient fallback handlers
- ["GET /register"] = { headers = { content_type = "application/schema+json" }; body = json.encode(registration_schema) };
+ -- Step 3. User is redirected to the 'redirect_uri' along with an
+ -- authorization code. In the insecure 'implicit' flow, the access token
+ -- is delivered here.
+
+ -- Step 4. Retrieve access token using the code.
+ ["POST /token"] = handle_token_grant;
 ["GET /token"] = function() return 405; end;
+
+ -- Step 4 is later repeated using the refresh token to get new access tokens.
+
+ -- Get info about a token
+ ["POST /introspect"] = handle_introspection_request;
+ ["GET /introspect"] = function() return 405; end;
+
+ -- Get info about the user, used for OpenID Connect
+ ["GET /userinfo"] = handle_userinfo_request;
+
+ -- Step 5. Revoke token (access or refresh)
+ ["POST /revoke"] = handle_revocation_request;
 ["GET /revoke"] = function() return 405; end;
- ["GET /introspect"] = function() return 405; end;
 };
 });
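Review bot: The `GET /token`, `GET /introspect` and `GET /revoke` entries answer through `function() return 405; end`, so the response presumably carries no `Allow` header, which RFC 9110 requires on a 405. The table form already used for other entries in this table could express it, e.g. `["GET /token"] = { status_code = 405; headers = { allow = "POST" }; body = "" };`, assuming the HTTP server accepts `status_code` and `headers` together in one handler table. The reorder also drops the only comment these entries had ("Some convenient fallback handlers"); if the intent is to keep codes, tokens and client credentials out of query strings and access logs, a replacement such as `-- Reject GET so credentials are only ever sent in a POST body` would record that. The handler table opens outside this hunk.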