Software / code / verse
Annotate
util/sasl/oauthbearer.lua @ 496:c4ae7aa2958a
util.sasl.oauthbearer: Fix message syntax
Each key-value pair has a \001 trailer, and then the whole thing has a
\001 trailer as well, so it should always end with two \001.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 23 Jun 2023 10:11:25 +0200 |
| parent | 477:b0a8d4e9934e |
| child | 498:50d0bd035bb7 |
| rev | line source |
|---|---|
|
477
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 return function (stream, name) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 if name == "OAUTHBEARER" and stream.username then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 return function (stream) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local auth = stream.bearer_token and ("Bearer "..stream.bearer_token) or ""; |
|
496
c4ae7aa2958a
util.sasl.oauthbearer: Fix message syntax
Kim Alvefur <zash@zash.se>
parents:
477
diff
changeset
|
6 local message, data = coroutine.yield("n,a="..stream.username.."@"..stream.host..",\001auth="..auth.."\001\001"); |
|
477
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 if message == "success" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 return true; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 elseif message == "challenge" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 stream:event("oauth-failure", { |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 json = data; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 }); |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 -- Note: No code after the yield should generally execute, as "failure" |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 -- doesn't get passed through to us (it contains no data anyway) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 if coroutine.yield("\001") ~= "failure" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 error("Unexpected SASL state: expected failure after challenge"); |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 return false; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 end, stream.bearer_token and 6 or 4; -- Prefer OAUTHBEARER if we have a token, otherwise prefer password if we have one |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 end |
