File

util/sasl/external.lua @ 13073:9e5802b45b9e

mod_tokenauth: Only check if expiry of expiring tokens Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime explicitly bounded here, but rather be bounded by the lifetime of something else, like the OAuth2 client. Open question: Would it be better to enforce a lifetime on all tokens?
author Kim Alvefur <zash@zash.se>
date Wed, 12 Apr 2023 10:21:32 +0200
parent 12975:d10957394a3c
line wrap: on
line source

local saslprep = require "prosody.util.encodings".stringprep.saslprep;

local _ENV = nil;
-- luacheck: std none

local function external(self, message)
	message = saslprep(message);
	local state
	self.username, state = self.profile.external(message);

	if state == false then
		return "failure", "account-disabled";
	elseif state == nil  then
		return "failure", "not-authorized";
	elseif state == "expired" then
		return "false", "credentials-expired";
	end

	return "success";
end

local function init(registerMechanism)
	registerMechanism("EXTERNAL", {"external"}, external);
end

return {
	init = init;
}