4 local jid = require "util.jid"; |
4 local jid = require "util.jid"; |
5 local json = require "util.json"; |
5 local json = require "util.json"; |
6 local usermanager = require "core.usermanager"; |
6 local usermanager = require "core.usermanager"; |
7 local errors = require "util.error"; |
7 local errors = require "util.error"; |
8 local url = require "socket.url"; |
8 local url = require "socket.url"; |
9 local uuid = require "util.uuid"; |
9 local id = require "util.id"; |
10 local encodings = require "util.encodings"; |
10 local encodings = require "util.encodings"; |
11 local base64 = encodings.base64; |
11 local base64 = encodings.base64; |
12 local random = require "util.random"; |
12 local random = require "util.random"; |
13 local schema = require "util.jsonschema"; |
13 local schema = require "util.jsonschema"; |
14 local set = require "util.set"; |
14 local set = require "util.set"; |
183 |
183 |
184 function response_type_handlers.code(client, params, granted_jid) |
184 function response_type_handlers.code(client, params, granted_jid) |
185 local request_username, request_host = jid.split(granted_jid); |
185 local request_username, request_host = jid.split(granted_jid); |
186 local granted_scopes = filter_scopes(request_username, request_host, params.scope); |
186 local granted_scopes = filter_scopes(request_username, request_host, params.scope); |
187 |
187 |
188 local code = uuid.generate(); |
188 local code = id.medium(); |
189 local ok = codes:set(params.client_id .. "#" .. code, { |
189 local ok = codes:set(params.client_id .. "#" .. code, { |
190 expires = os.time() + 600; |
190 expires = os.time() + 600; |
191 granted_jid = granted_jid; |
191 granted_jid = granted_jid; |
192 granted_scopes = granted_scopes; |
192 granted_scopes = granted_scopes; |
193 }); |
193 }); |
622 return oauth_error("invalid_request", "Informative URI must match redirect URIs"); |
622 return oauth_error("invalid_request", "Informative URI must match redirect URIs"); |
623 end |
623 end |
624 end |
624 end |
625 end |
625 end |
626 |
626 |
627 -- Ensure each signed client_id JWT is unique |
627 -- Ensure each signed client_id JWT is unique, short ID and issued at |
628 client_metadata.nonce = uuid.generate(); |
628 -- timestamp should be sufficient to rule out brute force attacks |
|
629 client_metadata.nonce = id.short(); |
629 |
630 |
630 -- Do we want to keep everything? |
631 -- Do we want to keep everything? |
631 local client_id = jwt_sign(client_metadata); |
632 local client_id = jwt_sign(client_metadata); |
632 local client_secret = make_secret(client_id); |
633 local client_secret = make_secret(client_id); |
633 |
634 |
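Review bot: The new comment above `client_metadata.nonce = id.short();` justifies the shorter nonce by saying it "should be sufficient to rule out brute force attacks", but that is not the property the nonce provides here: its job (as the first comment line says) is only to make each signed client_id JWT distinct, and since `client_id` is produced by `jwt_sign(client_metadata)` two lines later, guessing a nonce gains an attacker nothing without the signing key. The comment should state the real requirement so a later maintainer does not treat the nonce as a secret, e.g. `-- Ensure each signed client_id JWT is unique. The nonce is not a secret (the JWT` / `-- is signed), so a short random value plus the issued-at timestamp is enough to` / `-- keep registrations distinct.` The issued-at timestamp the comment relies on is not set anywhere in this hunk; presumably it is added to client_metadata earlier or by jwt_sign, but that is worth confirming before leaning on it for uniqueness. The enclosing registration handler starts before and ends after this hunk.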