# HG changeset patch
# User Matthew Wild
# Date 1679055958 0
# Node ID b0a8d4e9934e2d5ae84c8418a97ebbad1759c1a0
# Parent c34b263499beb8227960c32c3fbf099178f772bc
sasl: Add oauthbearer mechanism
diff -r c34b263499be -r b0a8d4e9934e util/sasl/oauthbearer.lua
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/util/sasl/oauthbearer.lua Fri Mar 17 12:25:58 2023 +0000
@@ -0,0 +1,22 @@
+
+return function (stream, name)
+ if name == "OAUTHBEARER" and stream.username then
+ return function (stream)
+ local auth = stream.bearer_token and ("Bearer "..stream.bearer_token) or "";
+ local message, data = coroutine.yield("n,a="..stream.username.."@"..stream.host..",\001auth="..auth.."\001");
+ if message == "success" then
+ return true;
+ elseif message == "challenge" then
+ stream:event("oauth-failure", {
+ json = data;
+ });
+ -- Note: No code after the yield should generally execute, as "failure"
+ -- doesn't get passed through to us (it contains no data anyway)
+ if coroutine.yield("\001") ~= "failure" then
+ error("Unexpected SASL state: expected failure after challenge");
+ end
+ return false;
+ end
+ end, stream.bearer_token and 6 or 4; -- Prefer OAUTHBEARER if we have a token, otherwise prefer password if we have one
+ end
+end
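Review bot: The client response built in the first `coroutine.yield` ends with a single `\001`, but the RFC 7628 `client-resp` grammar terminates each key/value pair with a separator and then adds one more, so a strict server may reject it; the tail should read `..auth.."\001\001"`. On the same line `stream.username`, `stream.host` and `stream.bearer_token` are concatenated unescaped: a `,` or `=` in the authzid (which the GS2 header expects encoded as `=2C`/`=3D`) or a `\001` inside the token would change how the server parses the message, so these values should be validated or encoded before the string is built. Nothing visible in this hunk checks that the stream is TLS-protected before the bearer token is sent; if the caller does not already enforce that, a guard or at least a comment stating the assumption belongs here. The `data` handed to the `oauth-failure` event as `json` is raw server-controlled text, which is worth noting in a comment such as `-- data is the unparsed server challenge; handlers must treat it as untrusted`.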