mod_http_oauth2/mod_http_oauth2.lua
changeset 5379 8b7d97f0ae8a
parent 5371 93d445b26063
child 5381 ca477408f90b
5378:d9397d6a5513 5379:8b7d97f0ae8a
    79 
    79 
    80 local function parse_scopes(scope_string)
    80 local function parse_scopes(scope_string)
    81 	return array(scope_string:gmatch("%S+"));
    81 	return array(scope_string:gmatch("%S+"));
    82 end
    82 end
    83 
    83 
    84 local openid_claims = set.new({ "profile"; "email"; "address"; "phone" });
    84 local openid_claims = set.new({ "openid", "profile"; "email"; "address"; "phone" });
    85 
    85 
    86 local function filter_scopes(username, requested_scope_string)
    86 local function filter_scopes(username, requested_scope_string)
    87 	local selected_role, granted_scopes = nil, array();
    87 	local selected_role, granted_scopes = nil, array();
    88 
    88 
    89 	if requested_scope_string then -- Specific role(s) requested
    89 	if requested_scope_string then -- Specific role(s) requested
    90 		local requested_scopes = parse_scopes(requested_scope_string);
    90 		local requested_scopes = parse_scopes(requested_scope_string);
    91 		for _, scope in ipairs(requested_scopes) do
    91 		for _, scope in ipairs(requested_scopes) do
    92 			if scope == "openid" or openid_claims:contains(scope) then
    92 			if openid_claims:contains(scope) then
    93 				granted_scopes:push(scope);
    93 				granted_scopes:push(scope);
    94 			end
    94 			end
    95 			if selected_role == nil and usermanager.user_can_assume_role(username, module.host, scope) then
    95 			if selected_role == nil and usermanager.user_can_assume_role(username, module.host, scope) then
    96 				selected_role = scope;
    96 				selected_role = scope;
    97 			end
    97 			end
   806 		iss = get_issuer();
   806 		iss = get_issuer();
   807 		sub = url.build({ scheme = "xmpp"; path = token_info.jid });
   807 		sub = url.build({ scheme = "xmpp"; path = token_info.jid });
   808 	}
   808 	}
   809 
   809 
   810 	local token_claims = set.intersection(openid_claims, scopes);
   810 	local token_claims = set.intersection(openid_claims, scopes);
       
   811 	token_claims:remove("openid"); -- that's "iss" and "sub" above
   811 	if not token_claims:empty() then
   812 	if not token_claims:empty() then
   812 		-- Another module can do that
   813 		-- Another module can do that
   813 		module:fire_event("token/userinfo", {
   814 		module:fire_event("token/userinfo", {
   814 			token = token_info;
   815 			token = token_info;
   815 			claims = token_claims;
   816 			claims = token_claims;