Mercurial Mercurial > prosody > prosody-modules / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Bail on invalid or expired device flow state token
authorKim Alvefur <zash@zash.se>
Fri, 04 Aug 2023 01:11:01 +0200
changeset 5632 9aace51c3637
parent 5631 3a5cf8d80089
child 5633 ef0a283507c9
mod_http_oauth2: Bail on invalid or expired device flow state token
mod_http_oauth2/mod_http_oauth2.lua file | annotate | diff | comparison | revisions 
--- a/mod_http_oauth2/mod_http_oauth2.lua	Mon Jul 31 07:28:09 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Aug 04 01:11:01 2023 +0200
@@ -400,6 +400,8 @@
 		if is_device then
 			-- reconstruct the device_code
 			code = b64url(hashes.hmac_sha256(verification_key, device_state.user_code));
+		else
+			return oauth_error("invalid_request");
 		end
 	end
 	local ok = codes:set("authorization_code:" .. params.client_id .. "#" .. code, {
prosody-modules