prosody
42c2a9787242
util/sasl/oauthbearer.lua
Software / code / prosody
File
util/sasl/oauthbearer.lua @ 13103:42c2a9787242
net.http.server: Remove "Firing event" logs, use event logging instead
Since these are noisy and we have the thing in util.helpers to log
events fired.
The new status line events are meant to replace these as they include
more useful info.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 14 May 2023 18:48:20 +0200 |
| parent | 12975:d10957394a3c |
| child | 13112:b6aaab0846fe |
line wrap: on
line source
local json = require "prosody.util.json"; local _ENV = nil; local function oauthbearer(self, message) if not message then return "failure", "malformed-request"; end if message == "\001" then return "failure", "not-authorized"; end local gs2_header, kvpairs = message:match("^(n,[^,]*,)(.+)$"); if not gs2_header then return "failure", "malformed-request"; end local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); local auth_header; for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do if k == "auth" then auth_header = v; break; end end if not auth_header then return "failure", "malformed-request"; end local token = auth_header:match("^Bearer (.+)$"); local username, state, token_info = self.profile.oauthbearer(self, token, self.realm, gs2_authzid); if state == false then return "failure", "account-disabled"; elseif state == nil or not username then -- For token-level errors, RFC 7628 demands use of a JSON-encoded -- challenge response upon failure. We relay additional info from -- the auth backend if available. return "challenge", json.encode({ status = token_info and token_info.status or "invalid_token"; scope = token_info and token_info.scope or nil; ["openid-configuration"] = token_info and token_info.oidc_discovery_url or nil; }); end self.username = username; self.token_info = token_info; return "success"; end local function init(registerMechanism) registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer); end return { init = init; }
