-- Completes an OAuth 2 authorization request by redirecting the user agent
-- back to the client.
--
--   response_type == "code"  : one authorization token is created and handed
--                              over as the "code" query parameter.
--   response_type == "token" : one access token is created per requested
--                              scope and handed over in the URL fragment.
--
-- NOTE(review): redirect_uri is used as the redirect target exactly as
-- received, and nothing in this script compares it with the URI registered
-- for system_application_id. Presumably the caller has already validated it
-- (and the scopes); confirm, because the code and the tokens are sent there.

local member_id = param.get("member_id", atom.integer)
local system_application_id = param.get("system_application_id", atom.integer)
local domain = param.get("domain")
local session_id = param.get("session_id", atom.integer)
local redirect_uri = param.get("redirect_uri")
local redirect_uri_explicit = param.get("redirect_uri_explicit", atom.boolean)
local scopes = param.get("scopes", "table")
local state = param.get("state")
local response_type = param.get("response_type")

-- Any other response type is expected to have been rejected before this
-- point, so reaching here with one is treated as a programming error.
if response_type ~= "code" and response_type ~= "token" then
  error("Internal error, should not happen")
end

if response_type == "code" then

  -- All request details are bound to the authorization token so that they
  -- are available when the code is redeemed later.
  local authorization = Token:create_authorization(
    member_id,
    system_application_id,
    domain,
    session_id,
    redirect_uri,
    redirect_uri_explicit,
    scopes,
    state
  )

  -- state is returned to the client unchanged.
  request.redirect{
    external = redirect_uri,
    params = { code = authorization.token, state = state }
  }

else

  local lifetime = config.oauth2.access_token_lifetime

  -- The expiry timestamp is computed by the database; the lifetime is passed
  -- as a bound parameter rather than concatenated into the statement.
  local expiry_row = db:query(
    { "SELECT now() + (? || 'sec')::interval AS access", lifetime },
    "object"
  )
  local expires_at = expiry_row.access

  local fragment_fields = {
    state = state,
    expires_in = lifetime,
    token_type = "bearer"
  }

  -- scopes is indexed from 0. The token for index 0 is reported as
  -- "access_token", the others as "access_token1", "access_token2", ...
  for position = 0, #scopes do
    local scope = scopes[position]
    if scope then
      local issued = Token:new()
      issued.token_type = "access"
      issued.member_id = member_id
      issued.system_application_id = system_application_id
      issued.domain = domain
      issued.session_id = session_id
      issued.expiry = expires_at
      issued.scope = scope
      issued:save()

      local suffix
      if position == 0 then
        suffix = ""
      else
        suffix = position
      end
      fragment_fields["access_token" .. suffix] = issued.token
    end
  end

  -- Only the values are URL-encoded; every key is a fixed name built above.
  local encoded_pairs = {}
  for key, value in pairs(fragment_fields) do
    table.insert(encoded_pairs, key .. "=" .. encode.url_part(value))
  end

  -- The bearer tokens travel in the fragment of the redirect URL, so they are
  -- visible to whatever page redirect_uri serves. The "#" is appended without
  -- checking whether redirect_uri already carries a fragment.
  request.redirect{
    external = redirect_uri .. "#" .. table.concat(encoded_pairs, "&")
  }

end