Software `/` code `/` prosody

Comparison

plugins/mod_tokenauth.lua @ 12913:012fa81d1f5d

mod_tokenauth: Add 'purpose' constraint This allows tokens to be tied to specific purposes/protocols. For example, we shouldn't (without specific consideration) allow an OAuth token to be dropped into a slot expecting a FAST token. While FAST doesn't currently use mod_tokenauth, it and others may do in the future. It's better to be explicit about what kind of token code is issuing or expecting.

author	Matthew Wild <mwild1@gmail.com>
date	Wed, 01 Mar 2023 13:01:21 +0000
parent	12772:daa654dbd8de
child	12914:2b4661bd39e2

comparison

equal deleted inserted replaced

-:44a78985471f
+:012fa81d1f5d
 		return prosody.hosts[host].authz.get_role_by_name(role);
 	end
 	return usermanager.get_user_role(username, host);
 end
-function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data)
+function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data, token_purpose)
 	token_jid = jid.prep(token_jid);
 	if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
 		return nil, "not-authorized";
 	end
 	local token_info = {
 		owner = actor_jid;
 		created = os.time();
 		expires = token_ttl and (os.time() + token_ttl) or nil;
 		jid = token_jid;
+		purpose = token_purpose;
 		resource = token_resource;
 		role = token_role;
 		data = token_data;
 	};

prosody

012fa81d1f5d

plugins/mod_tokenauth.lua

Software / code / prosody

Comparison

plugins/mod_tokenauth.lua @ 12913:012fa81d1f5d

Software `/` code `/` prosody