aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_tokenauth.lua
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2023-03-01 13:01:21 +0000
committerMatthew Wild <mwild1@gmail.com>2023-03-01 13:01:21 +0000
commita58a6d2317ea9ca99a3e580db89303ee8041a7d6 (patch)
tree762b463e9e8e21a0ebd9e58d12cdb6d8dfc1a3f6 /plugins/mod_tokenauth.lua
parent16137b3b1437ee37538b4e55326c2518893354ad (diff)
downloadprosody-a58a6d2317ea9ca99a3e580db89303ee8041a7d6.tar.gz
prosody-a58a6d2317ea9ca99a3e580db89303ee8041a7d6.zip
mod_tokenauth: Add 'purpose' constraint
This allows tokens to be tied to specific purposes/protocols. For example, we shouldn't (without specific consideration) allow an OAuth token to be dropped into a slot expecting a FAST token. While FAST doesn't currently use mod_tokenauth, it and others may do in the future. It's better to be explicit about what kind of token code is issuing or expecting.
Diffstat (limited to 'plugins/mod_tokenauth.lua')
-rw-r--r--plugins/mod_tokenauth.lua3
1 files changed, 2 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 9cd73570..5edf51fd 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -13,7 +13,7 @@ local function select_role(username, host, role)
return usermanager.get_user_role(username, host);
end
-function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data)
+function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_data, token_purpose)
token_jid = jid.prep(token_jid);
if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
return nil, "not-authorized";
@@ -30,6 +30,7 @@ function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_dat
created = os.time();
expires = token_ttl and (os.time() + token_ttl) or nil;
jid = token_jid;
+ purpose = token_purpose;
resource = token_resource;
role = token_role;