aboutsummaryrefslogtreecommitdiffstats
path: root/util/sasl/oauthbearer.lua
Commit message (Collapse)AuthorAgeFilesLines
* util.sasl.oauthbearer: Tighter parsing of SASL messageKim Alvefur2023-05-261-1/+3
| | | | | Previously the kvsep before and after the kvpairs would have been included in kvpairs, which is incorrect but should be harmless.
* util: Prefix module imports with prosody namespaceKim Alvefur2023-03-171-1/+1
|
* util.sasl.oauthbearer: Fix gs2-header parsingMatthew Wild2023-03-211-1/+1
|
* util.sasl.oauthbearer: Adjust parsing of GS2 to allow lack of authzidKim Alvefur2023-03-161-2/+3
| | | | Partly copied from util.sasl.scram and then reduced a bit.
* util.sasl.oauthbearer: Return username from callback instead using authzid (BC)Kim Alvefur2023-03-161-33/+3
| | | | | | | | | | | | | RFC 6120 states that > If the initiating entity does not wish to act on behalf of another > entity, it MUST NOT provide an authorization identity. Thus it seems weird to require it here. We can instead expect an username from the token data passed back from the profile. This follows the practice of util.sasl.external where the profile callback returns the selected username, making the authentication module responsible for extracting the username from the token.
* util.sasl.oauthbearer: Fix syntax error in b796e08e6376Matthew Wild2023-03-151-1/+1
|
* util.sasl.oauthbearer: Attach token_info to sasl handlerMatthew Wild2023-03-151-0/+2
| | | | | | This allows token-aware things to access extra information about the authentication, such as when the token is due to expire and the attached custom 'data'.
* util.sasl.oauthbearer: Fix traceback on authz in unexpected formatKim Alvefur2023-03-021-0/+4
| | | | | | E.g. if you were to just pass "username" without @hostname, the split will return nil, "username" and the nil gets passed to saslprep() and it does not like that.
* util.sasl: Add SASL OAUTHBEARER mechanism (RFC 7628)Matthew Wild2023-03-011-0/+83
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 23:35:37 +0000