
util/sasl/oauthbearer.lua @ 498:50d0bd035bb7

util.sasl.oauthbearer: Don't send authzid

It's not needed and not recommended in XMPP unless we want to act as someone other than who we authenticate as. We find out the JID during resource binding.
author Kim Alvefur <zash@zash.se>
date Fri, 23 Jun 2023 12:09:49 +0200
parent 496:c4ae7aa2958a
Revisions annotated in this file:

477:b0a8d4e9934e  sasl: Add oauthbearer mechanism  (Matthew Wild <mwild1@gmail.com>)
498:50d0bd035bb7  util.sasl.oauthbearer: Don't send authzid  (Kim Alvefur <zash@zash.se>, parents: 496)

rev  line  source
---  ----  ------
477     1
477     2  return function (stream, name)
498     3      if name == "OAUTHBEARER" then
477     4          return function (stream)
477     5              local auth = stream.bearer_token and ("Bearer "..stream.bearer_token) or "";
498     6              local message, data = coroutine.yield("n,,\001auth="..auth.."\001\001");
477     7              if message == "success" then
477     8                  return true;
477     9              elseif message == "challenge" then
477    10                  stream:event("oauth-failure", {
477    11                      json = data;
477    12                  });
477    13                  -- Note: No code after the yield should generally execute, as "failure"
477    14                  -- doesn't get passed through to us (it contains no data anyway)
477    15                  if coroutine.yield("\001") ~= "failure" then
477    16                      error("Unexpected SASL state: expected failure after challenge");
477    17                  end
477    18                  return false;
477    19              end
477    20          end, stream.bearer_token and 6 or 4; -- Prefer OAUTHBEARER if we have a token, otherwise prefer password if we have one
477    21      end
477    22  end
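The following is an added example, not code from Verse or from this changeset. It drives the mechanism above as the stream would (each coroutine yield is a message to the server, each resume delivers a scripted server reply) and parses the initial client response the way a server does per RFC 7628, so the effect of rev 498 is visible on the wire: the GS2 header is "n,," with no authzid, and the JID is left to resource binding. The mechanism body is copied from this file so the script runs stand-alone; the stream stub, the token value and the JSON challenge are constructed for the example.

```lua
-- Added example (not part of Verse or this changeset): drive the OAUTHBEARER
-- client mechanism from this file against scripted server replies and parse
-- the bytes it sends the way a server would (RFC 7628 section 3.1).
-- The mechanism below is copied from util/sasl/oauthbearer.lua at rev 498 so
-- the script runs stand-alone; the stream stub and token are constructed.

local oauthbearer = function (stream, name)
	if name == "OAUTHBEARER" then
		return function (stream)
			local auth = stream.bearer_token and ("Bearer "..stream.bearer_token) or "";
			local message, data = coroutine.yield("n,,\001auth="..auth.."\001\001");
			if message == "success" then
				return true;
			elseif message == "challenge" then
				stream:event("oauth-failure", { json = data });
				if coroutine.yield("\001") ~= "failure" then
					error("Unexpected SASL state: expected failure after challenge");
				end
				return false;
			end
		end, stream.bearer_token and 6 or 4;
	end
end

-- Parse an OAUTHBEARER initial client response:
--   gs2-header kvsep *kvpair kvsep, where kvsep is \001 and kvpair is key "=" value kvsep.
-- The gs2-header is "<cb-flag>,[a=<authzid>],". Returns a table, or nil plus an error.
local function parse_initial_response(msg)
	local cbflag, authzid_part, rest = msg:match("^([nyp][^,]*),([^,]*),(.*)$");
	if not cbflag then return nil, "malformed gs2-header"; end
	local authzid;
	if authzid_part ~= "" then
		authzid = authzid_part:match("^a=(.+)$");
		if not authzid then return nil, "malformed authzid"; end
	end
	if rest:sub(1, 1) ~= "\001" or rest:sub(-2) ~= "\001\001" then
		return nil, "missing kvsep framing";
	end
	local kv = {};
	for key, value in rest:gmatch("\001([%w%-]+)=([^\001]*)") do
		kv[key] = value;
	end
	return { cbflag = cbflag, authzid = authzid, kv = kv };
end

-- Run a mechanism handler as the stream would: each yield is a message to the
-- server, each resume delivers the next scripted server reply { message, data }.
-- Returns ok, result (true/false, or the error text when ok is false), and the
-- list of messages the mechanism sent.
local function run_mechanism(handler, stream, replies)
	local co = coroutine.create(handler);
	local sent, i = {}, 0;
	local ok, out = coroutine.resume(co, stream);
	while ok and coroutine.status(co) == "suspended" do
		sent[#sent + 1] = out;
		i = i + 1;
		local reply = replies[i] or { "failure" };
		ok, out = coroutine.resume(co, reply[1], reply[2]);
	end
	return ok, out, sent;
end

-- Constructed stand-in for a Verse stream: only the fields the mechanism touches.
local stream = { bearer_token = "constructed-token", events = {} };
function stream:event(name, payload) self.events[#self.events + 1] = { name, payload }; end

local handler, priority = oauthbearer(stream, "OAUTHBEARER");
assert(priority == 6, "with a token, OAUTHBEARER is preferred over password mechanisms");

-- 1. Server accepts the token: one message out, mechanism returns true.
local ok, result, sent = run_mechanism(handler, stream, { { "success" } });
local parsed = assert(parse_initial_response(sent[1]));
assert(ok and result == true and #sent == 1);
assert(parsed.cbflag == "n" and parsed.authzid == nil, "no authzid on the wire (rev 498)");
assert(parsed.kv.auth == "Bearer constructed-token");
print("initial response: " .. (sent[1]:gsub("\001", "\\001")));

-- 2. Server rejects the token with a JSON challenge, then sends failure:
--    the mechanism raises oauth-failure, answers with a lone kvsep, returns false.
local challenge = '{"status":"invalid_token"}';
ok, result, sent = run_mechanism(handler, stream, { { "challenge", challenge }, { "failure" } });
assert(ok and result == false and #sent == 2 and sent[2] == "\001");
assert(stream.events[1][1] == "oauth-failure" and stream.events[1][2].json == challenge);

-- 3. For contrast, the header a client sends when it does carry an authzid;
--    this is the form the changeset stops emitting, since XMPP learns the JID at bind.
local with_authzid = assert(parse_initial_response("n,a=user@example.com,\001auth=Bearer x\001\001"));
assert(with_authzid.authzid == "user@example.com");
print("parsed ok; authzid in contrast case: " .. with_authzid.authzid);
```

Run it with any Lua 5.1+ interpreter; the asserts are the checks, and the two print lines show the raw initial response (with the \001 separators made visible) and the contrast case. The parser is deliberately strict about the kvsep framing so a server-side implementation would reject responses that drop the trailing separators rather than silently accepting a truncated header.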