prosody: plugins/mod_tokenauth.lua@055b03d3059b (annotated)

10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	1	local id = require "util.id";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	2	local jid = require "util.jid";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	3	local base64 = require "util.encodings".base64;
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	4	local usermanager = require "core.usermanager";
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	5	local generate_identifier = require "util.id".short;
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	6
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	7	local token_store = module:open_store("auth_tokens", "map");
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	9	local function select_role(username, host, role)
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	10	if role then
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	11	return prosody.hosts[host].authz.get_role_by_name(role);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	12	end
12666 07424992d7fc mod_authz_internal, and more: New iteration of role API Matthew Wild <mwild1@gmail.com> parents: 12653 diff changeset	13	return usermanager.get_user_role(username, host);
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	14	end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	15
12917 012fa81d1f5d mod_tokenauth: Add 'purpose' constraint Matthew Wild <mwild1@gmail.com> parents: 12776 diff changeset	16	function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data, token_purpose)
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	17	token_jid = jid.prep(token_jid);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	18	if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	19	return nil, "not-authorized";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	20	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	21
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	22	local token_username, token_host, token_resource = jid.split(token_jid);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	23
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	24	if token_host ~= module.host then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	25	return nil, "invalid-host";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	26	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	27
12923 7c0e5c7eff7c mod_tokenauth: Fix misplaced closing parenthesis Kim Alvefur <zash@zash.se> parents: 12921 diff changeset	28	if (token_data and type(token_data) ~= "table") or (token_purpose and type(token_purpose) ~= "string") then
12918 2b4661bd39e2 mod_tokenauth: Add some sanity checking of the new optional parameters Matthew Wild <mwild1@gmail.com> parents: 12917 diff changeset	29	return nil, "bad-request";
2b4661bd39e2 mod_tokenauth: Add some sanity checking of the new optional parameters Matthew Wild <mwild1@gmail.com> parents: 12917 diff changeset	30	end
2b4661bd39e2 mod_tokenauth: Add some sanity checking of the new optional parameters Matthew Wild <mwild1@gmail.com> parents: 12917 diff changeset	31
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	32	local token_info = {
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	33	owner = actor_jid;
10679 5efd6865486c mod_tokenauth: Track creation time of tokens Matthew Wild <mwild1@gmail.com> parents: 10678 diff changeset	34	created = os.time();
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	35	expires = token_ttl and (os.time() + token_ttl) or nil;
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	36	jid = token_jid;
12917 012fa81d1f5d mod_tokenauth: Add 'purpose' constraint Matthew Wild <mwild1@gmail.com> parents: 12776 diff changeset	37	purpose = token_purpose;
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	38
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	39	resource = token_resource;
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	40	role = token_role;
12776 daa654dbd8de mod_tokenauth: Allow attaching an arbitrary data table to a token Matthew Wild <mwild1@gmail.com> parents: 12747 diff changeset	41	data = token_data;
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	42	};
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	43
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	44	local token_id = id.long();
10678 4459afac4d13 mod_tokenauth: Handle tokens issued to bare hosts (eg components) Kim Alvefur <zash@zash.se> parents: 10673 diff changeset	45	local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id);
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	46	token_store:set(token_username, token_id, token_info);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	47
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	48	return token, token_info;
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	49	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	50
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	51	local function parse_token(encoded_token)
12921 e4de42495fb7 mod_tokenauth: Gracefully handle missing tokens Matthew Wild <mwild1@gmail.com> parents: 12919 diff changeset	52	if not encoded_token then return nil; end
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	53	local token = base64.decode(encoded_token);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	54	if not token then return nil; end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	55	local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	56	if not token_jid then return nil; end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	57	local token_user, token_host = jid.split(token_jid);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	58	return token_id, token_user, token_host;
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	59	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	60
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	61	local function _get_parsed_token_info(token_id, token_user, token_host)
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	62	if token_host ~= module.host then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	63	return nil, "invalid-host";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	64	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	65
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	66	local token_info, err = token_store:get(token_user, token_id);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	67	if not token_info then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	68	if err then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	69	return nil, "internal-error";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	70	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	71	return nil, "not-authorized";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	72	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	73
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	74	if token_info.expires and token_info.expires < os.time() then
12747 19113f232423 mod_tokenauth: Remove expired tokens from storage Matthew Wild <mwild1@gmail.com> parents: 12746 diff changeset	75	token_store:set(token_user, token_id, nil);
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	76	return nil, "not-authorized";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	77	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	78
12746 126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	79	local account_info = usermanager.get_account_info(token_user, module.host);
126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	80	local password_updated_at = account_info and account_info.password_updated;
126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	81	if password_updated_at and password_updated_at > token_info.created then
12747 19113f232423 mod_tokenauth: Remove expired tokens from storage Matthew Wild <mwild1@gmail.com> parents: 12746 diff changeset	82	token_store:set(token_user, token_id, nil);
12746 126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	83	return nil, "not-authorized";
126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	84	end
126aefd2c4c6 mod_tokenauth: Invalidate tokens issued before most recent password change Matthew Wild <mwild1@gmail.com> parents: 12666 diff changeset	85
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	86	return token_info
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	87	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	88
12653 86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	89	function get_token_info(token)
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	90	local token_id, token_user, token_host = parse_token(token);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	91	if not token_id then
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	92	return nil, "invalid-token-format";
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	93	end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	94	return _get_parsed_token_info(token_id, token_user, token_host);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	95	end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	96
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	97	function get_token_session(token, resource)
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	98	local token_id, token_user, token_host = parse_token(token);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	99	if not token_id then
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	100	return nil, "invalid-token-format";
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	101	end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	102
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	103	local token_info, err = _get_parsed_token_info(token_id, token_user, token_host);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	104	if not token_info then return nil, err; end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	105
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	106	return {
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	107	username = token_user;
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	108	host = token_host;
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	109	resource = token_info.resource or resource or generate_identifier();
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	110
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	111	role = select_role(token_user, token_host, token_info.role);
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	112	};
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	113	end
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	114
86e1187f6274 mod_tokenauth: New API that better fits how modules are using token auth Matthew Wild <mwild1@gmail.com> parents: 10679 diff changeset	115
10672 25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	116	function revoke_token(token)
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	117	local token_id, token_user, token_host = parse_token(token);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	118	if not token_id then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	119	return nil, "invalid-token-format";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	120	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	121	if token_host ~= module.host then
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	122	return nil, "invalid-host";
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	123	end
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	124	return token_store:set(token_user, token_id, nil);
25c84c0a66fd mod_authtokens: New module for managing auth tokens Matthew Wild <mwild1@gmail.com> parents: diff changeset	125	end
12919 70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	126
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	127	function sasl_handler(auth_provider, purpose, extra)
12942 055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	128	return function (sasl, token, realm, _authzid)
12919 70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	129	local token_info, err = get_token_info(token);
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	130	if not token_info then
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	131	module:log("debug", "SASL handler failed to verify token: %s", err);
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	132	return nil, nil, extra;
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	133	end
12942 055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	134	local token_user, token_host, resource = jid.split(token_info.jid);
055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	135	if realm ~= token_host or (purpose and token_info.purpose ~= purpose) then
12919 70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	136	return nil, nil, extra;
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	137	end
12942 055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	138	if auth_provider.is_enabled and not auth_provider.is_enabled(token_user) then
12919 70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	139	return true, false, token_info;
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	140	end
12942 055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	141	sasl.resource = resource;
055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	142	sasl.token_info = token_info;
055b03d3059b util.sasl.oauthbearer: Return username from callback instead using authzid (BC) Kim Alvefur <zash@zash.se> parents: 12923 diff changeset	143	return token_user, true, token_info;
12919 70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	144	end;
70f6a8dceb1d mod_tokenauth: Add SASL handler backend that can accept and verify tokens Matthew Wild <mwild1@gmail.com> parents: 12918 diff changeset	145	end

author	Kim Alvefur <zash@zash.se>
	Thu, 16 Mar 2023 12:18:23 +0100
changeset 12942	055b03d3059b
parent 12923	7c0e5c7eff7c
child 12956	a668bc1aa39d
permissions	-rw-r--r--