     1 local member_id = param.get("member_id", atom.integer)
 | 
| 
bsw/jbe@1309
 | 
     2 local system_application_id = param.get("system_application_id", atom.integer)
 | 
| 
bsw/jbe@1309
 | 
     3 local domain = param.get("domain")
 | 
| 
bsw/jbe@1309
 | 
     4 local session_id = param.get("session_id", atom.integer)
 | 
| 
bsw/jbe@1309
 | 
     5 local redirect_uri = param.get("redirect_uri")
 | 
| 
bsw/jbe@1309
 | 
     6 local redirect_uri_explicit = param.get("redirect_uri_explicit", atom.boolean)
 | 
| 
bsw/jbe@1309
 | 
     7 local scopes = param.get("scopes", "table")
 | 
| 
bsw/jbe@1309
 | 
     8 local state = param.get("state")
 | 
| 
bsw/jbe@1309
 | 
     9 local response_type = param.get("response_type")
 | 
| 
bsw/jbe@1309
 | 
    10 
 | 
| 
bsw/jbe@1309
 | 
    11 if response_type == "code" then
 | 
| 
bsw/jbe@1309
 | 
    12 
 | 
| 
bsw/jbe@1309
 | 
    13   local token = Token:create_authorization(
 | 
| 
bsw/jbe@1309
 | 
    14     member_id,
 | 
| 
bsw/jbe@1309
 | 
    15     system_application_id,
 | 
| 
bsw/jbe@1309
 | 
    16     domain,
 | 
| 
bsw/jbe@1309
 | 
    17     session_id,
 | 
| 
bsw/jbe@1309
 | 
    18     redirect_uri,
 | 
| 
bsw/jbe@1309
 | 
    19     redirect_uri_explicit,
 | 
| 
bsw/jbe@1309
 | 
    20     scopes,
 | 
| 
bsw/jbe@1309
 | 
    21     state
 | 
| 
bsw/jbe@1309
 | 
    22   )
 | 
| 
bsw/jbe@1309
 | 
    23 
 | 
| 
bsw/jbe@1309
 | 
    24   request.redirect{ 
 | 
| 
bsw/jbe@1309
 | 
    25     external = redirect_uri,
 | 
| 
bsw/jbe@1309
 | 
    26     params = { code = token.token, state = state }
 | 
| 
bsw/jbe@1309
 | 
    27   }
 | 
| 
bsw/jbe@1309
 | 
    28 
 | 
| 
bsw/jbe@1309
 | 
    29   
 | 
| 
bsw/jbe@1309
 | 
    30 elseif response_type == "token" then
 | 
| 
bsw/jbe@1309
 | 
    31   
 | 
| 
bsw/jbe@1309
 | 
    32   local expiry = db:query({ "SELECT now() + (? || 'sec')::interval AS access", config.oauth2.access_token_lifetime }, "object").access
 | 
| 
bsw/jbe@1309
 | 
    33 
 | 
| 
bsw/jbe@1309
 | 
    34   local anchor_params = {
 | 
| 
bsw/jbe@1309
 | 
    35     state = state,
 | 
| 
bsw/jbe@1309
 | 
    36     expires_in = config.oauth2.access_token_lifetime,
 | 
| 
bsw/jbe@1309
 | 
    37     token_type = "bearer"
 | 
| 
bsw/jbe@1309
 | 
    38   }
 | 
| 
bsw/jbe@1309
 | 
    39   
 | 
| 
bsw/jbe@1309
 | 
    40   for i = 0, #scopes do
 | 
| 
bsw/jbe@1309
 | 
    41     if scopes[i] then
 | 
| 
bsw/jbe@1309
 | 
    42       local access_token = Token:new()
 | 
| 
bsw/jbe@1309
 | 
    43       access_token.token_type = "access"
 | 
| 
bsw/jbe@1309
 | 
    44       access_token.member_id = member_id
 | 
| 
bsw/jbe@1309
 | 
    45       access_token.system_application_id = system_application_id
 | 
| 
bsw/jbe@1309
 | 
    46       access_token.domain = domain
 | 
| 
bsw/jbe@1309
 | 
    47       access_token.session_id = session_id
 | 
| 
bsw/jbe@1309
 | 
    48       access_token.expiry = expiry
 | 
| 
bsw/jbe@1309
 | 
    49       access_token.scope = scopes[i]
 | 
| 
bsw/jbe@1309
 | 
    50       access_token:save()
 | 
| 
bsw/jbe@1309
 | 
    51       local index = i == 0 and "" or i 
 | 
| 
bsw/jbe@1309
 | 
    52       anchor_params["access_token" .. index] = access_token.token
 | 
| 
bsw/jbe@1309
 | 
    53     end
 | 
| 
bsw/jbe@1309
 | 
    54   end
 | 
| 
bsw/jbe@1309
 | 
    55 
 | 
| 
bsw/jbe@1309
 | 
    56   local anchor_params_list = {}
 | 
| 
bsw/jbe@1309
 | 
    57   for k, v in pairs(anchor_params) do
 | 
| 
bsw/jbe@1309
 | 
    58     anchor_params_list[#anchor_params_list+1] = k .. "=" .. encode.url_part(v)
 | 
| 
bsw/jbe@1309
 | 
    59   end
 | 
| 
bsw/jbe@1309
 | 
    60   local anchor = table.concat(anchor_params_list, "&")
 | 
| 
bsw/jbe@1309
 | 
    61 
 | 
| 
bsw/jbe@1309
 | 
    62   request.redirect{ 
 | 
| 
bsw/jbe@1309
 | 
    63     external = redirect_uri .. "#" .. anchor
 | 
| 
bsw/jbe@1309
 | 
    64   }
 | 
| 
bsw/jbe@1309
 | 
    65   
 | 
| 
bsw/jbe@1309
 | 
    66 else
 | 
| 
bsw/jbe@1309
 | 
    67   
 | 
| 
bsw/jbe@1309
 | 
    68   error("Internal error, should not happen")
 | 
| 
bsw/jbe@1309
 | 
    69   
 | 
| 
bsw/jbe@1309
 | 
    70 end