prosody
49bbdc22846d
util/sasl/oauthbearer.lua
Software / code / prosody
File
util/sasl/oauthbearer.lua @ 13752:49bbdc22846d 13.0
certmanager: Add more debug logging around cert indexing
Currently it's not obvious which directories have been indexed (especially
when the resulting index is empty), or why certain files have been skipped.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 24 Feb 2025 17:48:58 +0000 |
| parent | 13112:b6aaab0846fe |
line wrap: on
line source
local json = require "prosody.util.json"; local _ENV = nil; local function oauthbearer(self, message) if not message then return "failure", "malformed-request"; end if message == "\001" then return "failure", "not-authorized"; end -- gs2-header kvsep *kvpair kvsep local gs2_header, kvpairs = message:match("^(n,[^,]*,)\001(.+)\001$"); if not gs2_header then return "failure", "malformed-request"; end local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); -- key "=" value kvsep local auth_header; for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do if k == "auth" then auth_header = v; break; end end if not auth_header then return "failure", "malformed-request"; end local token = auth_header:match("^Bearer (.+)$"); local username, state, token_info = self.profile.oauthbearer(self, token, self.realm, gs2_authzid); if state == false then return "failure", "account-disabled"; elseif state == nil or not username then -- For token-level errors, RFC 7628 demands use of a JSON-encoded -- challenge response upon failure. We relay additional info from -- the auth backend if available. return "challenge", json.encode({ status = token_info and token_info.status or "invalid_token"; scope = token_info and token_info.scope or nil; ["openid-configuration"] = token_info and token_info.oidc_discovery_url or nil; }); end self.username = username; self.token_info = token_info; return "success"; end local function init(registerMechanism) registerMechanism("OAUTHBEARER", {"oauthbearer"}, oauthbearer); end return { init = init; }
