mod_auth_oauth_external: Make 'scope' configurable in password grant request
Needed by some OAuth servers, tested here with Mastodon
--- a/mod_auth_oauth_external/README.md Mon May 08 20:12:43 2023 +0200
+++ b/mod_auth_oauth_external/README.md Wed May 10 12:39:05 2023 +0200
@@ -78,6 +78,10 @@
: String. Client secret used to identify Prosody during the resource
owner password grant.
+`oauth_external_scope`
+: String. Defaults to `"oauth"`. Included in request for resource
+ owner password grant.
+
# Compatibility
## Prosody
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua Mon May 08 20:12:43 2023 +0200
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua Wed May 10 12:39:05 2023 +0200
@@ -17,6 +17,7 @@
-- the OAuth client? Is the XMPP client the OAuth client? What are we???
local client_id = module:get_option_string("oauth_external_client_id");
local client_secret = module:get_option_string("oauth_external_client_secret");
+local scope = module:get_option_string("oauth_external_scope", "openid");
--[[ More or less required endpoints
digraph "oauth endpoints" {
@@ -44,7 +45,7 @@
client_secret = client_secret;
username = map_username(username, realm);
password = password;
- scope = "openid";
+ scope = scope;
});
}))
if err or not (tok.code >= 200 and tok.code < 300) then