equal
deleted
inserted
replaced
566 end |
566 end |
567 return { |
567 return { |
568 user = { |
568 user = { |
569 username = username; |
569 username = username; |
570 host = module.host; |
570 host = module.host; |
571 token = new_user_token({ username = username, host = module.host }); |
571 token = new_user_token({ username = username; host = module.host; auth_time = os.time() }); |
572 }; |
572 }; |
573 }; |
573 }; |
574 elseif form.user_token and form.consent then |
574 elseif form.user_token and form.consent then |
575 -- Second step: consent |
575 -- Second step: consent |
576 local ok, user = verify_user_token(form.user_token); |
576 local ok, user = verify_user_token(form.user_token); |
830 local id_token_signer = jwt.new_signer("HS256", client_secret); |
830 local id_token_signer = jwt.new_signer("HS256", client_secret); |
831 local id_token = id_token_signer({ |
831 local id_token = id_token_signer({ |
832 iss = get_issuer(); |
832 iss = get_issuer(); |
833 sub = url.build({ scheme = "xmpp"; path = user_jid }); |
833 sub = url.build({ scheme = "xmpp"; path = user_jid }); |
834 aud = params.client_id; |
834 aud = params.client_id; |
|
835 auth_time = auth_state.user.auth_time; |
835 nonce = params.nonce; |
836 nonce = params.nonce; |
836 }); |
837 }); |
837 local response_type = params.response_type; |
838 local response_type = params.response_type; |
838 local response_handler = response_type_handlers[response_type]; |
839 local response_handler = response_type_handlers[response_type]; |
839 if not response_handler then |
840 if not response_handler then |