liquid_feedback_frontend
view app/main/oauth2/_authorization.lua @ 1720:a63c2dacf619
If only one policy is available, choose it automatically
| author | bsw | 
|---|---|
| date | Mon Sep 27 13:09:30 2021 +0200 (2021-09-27) | 
| parents | 32cc544d5a5b | 
| children | 
 line source
     1 local member_id = param.get("member_id", atom.integer)
     2 local system_application_id = param.get("system_application_id", atom.integer)
     3 local domain = param.get("domain")
     4 local session_id = param.get("session_id", atom.integer)
     5 local redirect_uri = param.get("redirect_uri")
     6 local redirect_uri_explicit = param.get("redirect_uri_explicit", atom.boolean)
     7 local scopes = param.get("scopes", "table")
     8 local state = param.get("state")
     9 local response_type = param.get("response_type")
    11 if response_type == "code" then
    13   local token = Token:create_authorization(
    14     member_id,
    15     system_application_id,
    16     domain,
    17     session_id,
    18     redirect_uri,
    19     redirect_uri_explicit,
    20     scopes,
    21     state
    22   )
    24   request.redirect{ 
    25     external = redirect_uri,
    26     params = { code = token.token, state = state }
    27   }
    30 elseif response_type == "token" then
    32   local expiry = db:query({ "SELECT now() + (? || 'sec')::interval AS access", config.oauth2.access_token_lifetime }, "object").access
    34   local anchor_params = {
    35     state = state,
    36     expires_in = config.oauth2.access_token_lifetime,
    37     token_type = "bearer"
    38   }
    40   for i = 0, #scopes do
    41     if scopes[i] then
    42       local access_token = Token:new()
    43       access_token.token_type = "access"
    44       access_token.member_id = member_id
    45       access_token.system_application_id = system_application_id
    46       access_token.domain = domain
    47       access_token.session_id = session_id
    48       access_token.expiry = expiry
    49       access_token.scope = scopes[i]
    50       access_token:save()
    51       local index = i == 0 and "" or i 
    52       anchor_params["access_token" .. index] = access_token.token
    53     end
    54   end
    56   local anchor_params_list = {}
    57   for k, v in pairs(anchor_params) do
    58     anchor_params_list[#anchor_params_list+1] = k .. "=" .. encode.url_part(v)
    59   end
    60   local anchor = table.concat(anchor_params_list, "&")
    62   request.redirect{ 
    63     external = redirect_uri .. "#" .. anchor
    64   }
    66 else
    68   error("Internal error, should not happen")
    70 end
