mod_http_oauth2/mod_http_oauth2.lua
changeset 5774 990c6adc4407
parent 5771 a967bb4972c5
child 5775 72799c330986
equal deleted inserted replaced
5773:bb4335c8f500 5774:990c6adc4407
  1418 		return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified");
  1418 		return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified");
  1419 	elseif set.intersection(response_types, allowed_response_type_handlers):empty() then
  1419 	elseif set.intersection(response_types, allowed_response_type_handlers):empty() then
  1420 		return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified");
  1420 		return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified");
  1421 	end
  1421 	end
  1422 
  1422 
  1423 	-- Do we want to keep everything?
       
  1424 	local client_id = sign_client(client_metadata);
       
  1425 
       
  1426 	client_metadata.client_id = client_id;
       
  1427 	client_metadata.client_id_issued_at = os.time();
       
  1428 
       
  1429 	if client_metadata.token_endpoint_auth_method ~= "none" then
  1423 	if client_metadata.token_endpoint_auth_method ~= "none" then
  1430 		-- Ensure that each client_id JWT with a client_secret is unique.
  1424 		-- Ensure that each client_id JWT with a client_secret is unique.
  1431 		-- A short ID along with the issued at timestamp should be sufficient to
  1425 		-- A short ID along with the issued at timestamp should be sufficient to
  1432 		-- rule out brute force attacks.
  1426 		-- rule out brute force attacks.
  1433 		-- Not needed for public clients without a secret, but those are expected
  1427 		-- Not needed for public clients without a secret, but those are expected
  1434 		-- to be uncommon since they can only do the insecure implicit flow.
  1428 		-- to be uncommon since they can only do the insecure implicit flow.
  1435 		client_metadata.nonce = id.short();
  1429 		client_metadata.nonce = id.short();
  1436 
  1430 	end
  1437 		local client_secret = make_client_secret(client_id, client_metadata);
  1431 
       
  1432 	-- Do we want to keep everything?
       
  1433 	local client_id = sign_client(client_metadata);
       
  1434 
       
  1435 	client_metadata.client_id = client_id;
       
  1436 	client_metadata.client_id_issued_at = os.time();
       
  1437 
       
  1438 	if client_metadata.token_endpoint_auth_method ~= "none" then
       
  1439 		local client_secret = make_client_secret(client_id);
  1438 		client_metadata.client_secret = client_secret;
  1440 		client_metadata.client_secret = client_secret;
  1439 		client_metadata.client_secret_expires_at = 0;
  1441 		client_metadata.client_secret_expires_at = 0;
  1440 
  1442 
  1441 		if not registration_options.accept_expired then
  1443 		if not registration_options.accept_expired then
  1442 			client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600);
  1444 			client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600);
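Review bot: The new side tests `client_metadata.token_endpoint_auth_method ~= "none"` twice (new lines 1423 and 1438) with only the `sign_client` call and the `client_id`/`client_id_issued_at` assignments between them; hoisting it once as `local confidential = client_metadata.token_endpoint_auth_method ~= "none";` and writing `if confidential then` in both places would make the coupling explicit, since the nonce exists only because a secret is about to be issued for the same signed client_id. The comment above the nonce still says the short ID "along with the issued at timestamp" makes the JWT unique, but `client_metadata.client_id_issued_at = os.time()` is now assigned after `sign_client(client_metadata)` returns, so a timestamp is only inside the signed client_id if `sign_client` (defined outside the hunk) adds its own issued-at claim; that assumption is worth stating, along with why the nonce moved, e.g. `-- Set before sign_client() so the nonce is part of the signed client_id payload.` The enclosing function starts and ends outside the hunk, and the changed `make_client_secret(client_id)` signature is defined elsewhere in the file.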