util/sasl/oauthbearer.lua@b0a8d4e9934e (annotated)
util/sasl/oauthbearer.lua
Fri, 17 Mar 2023 12:25:58 +0000
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Fri, 17 Mar 2023 12:25:58 +0000
- changeset 477
- b0a8d4e9934e
- permissions
- -rw-r--r--
sasl: Add oauthbearer mechanism
|
477
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 | |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 | return function (stream, name) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 | if name == "OAUTHBEARER" and stream.username then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 | return function (stream) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 | local auth = stream.bearer_token and ("Bearer "..stream.bearer_token) or ""; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 | local message, data = coroutine.yield("n,a="..stream.username.."@"..stream.host..",\001auth="..auth.."\001"); |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 | if message == "success" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 | return true; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 | elseif message == "challenge" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 | stream:event("oauth-failure", { |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 | json = data; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 | }); |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 | -- Note: No code after the yield should generally execute, as "failure" |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 | -- doesn't get passed through to us (it contains no data anyway) |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 | if coroutine.yield("\001") ~= "failure" then |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 | error("Unexpected SASL state: expected failure after challenge"); |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 | end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 | return false; |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 | end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 | end, stream.bearer_token and 6 or 4; -- Prefer OAUTHBEARER if we have a token, otherwise prefer password if we have one |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 | end |
|
b0a8d4e9934e
sasl: Add oauthbearer mechanism
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 | end |
