%% * Using the web form/api results in the token being generated in behalf of the user providing the user/pass
%% * Using the command line and oauth_issue_token command, the token is generated in behalf of ejabberd' sysadmin
%% (as it has access to ejabberd command line).
--record(oauth_token, {
- token = {<<"">>, <<"">>} :: {binary(), binary()},
- us = {<<"">>, <<"">>} :: {binary(), binary()},
- scope = [] :: [binary()],
- expire :: integer()
- }).
- -define(EXPIRE, 3600).
+ -define(EXPIRE, 31536000).
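Review bot: The new default `-define(EXPIRE, 31536000).` makes an issued token valid for 365 days, assuming the value is in seconds, as its use for oauth2's `expiry_time` in start() suggests. The previous default was one hour. A bearer token with this lifetime stays usable for the whole period after it leaks, so the default needs a stated rationale and a note on how operators shorten it. I would add a comment above the define, such as `%% Default token lifetime in seconds (365 days); see expire/0 for the configured override.` Whether tokens can be revoked before expiry is not visible in this diff, and without revocation a one-year default is hard to justify.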
start() ->
- init_db(mnesia, ?MYNAME),
+ DBMod = get_db_backend(),
+ DBMod:init(),
Expire = expire(),
application:set_env(oauth2, backend, ejabberd_oauth),
application:set_env(oauth2, expiry_time, Expire),
process(_Handlers, _Request) ->
+-spec get_db_backend() -> module().
+get_db_backend() ->
+ DBType = ejabberd_config:get_option(
+ oauth_db_type,
+ fun(T) -> ejabberd_config:v_db(?MODULE, T) end,
+ mnesia),
+ list_to_atom("ejabberd_oauth_" ++ atom_to_list(DBType)).
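Review bot: get_db_backend/0 builds a module name with `list_to_atom("ejabberd_oauth_" ++ atom_to_list(DBType))`, and start() calls `DBMod:init()` on it without checking that such a module exists. A db type that `ejabberd_config:v_db/2` accepts but that has no matching ejabberd_oauth_* backend would only fail as `undef` at startup. The atom comes from validated configuration rather than request data, so atom-table growth looks bounded, but that rests on v_db/2, which is outside this diff. A comment above the spec would make the contract explicit, for example `%% Storage module is ejabberd_oauth_<db_type>; db_type is limited by v_db/2 and the module must export init/0.`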
- %% Headers as per RFC 6749
+ %% Headers as per RFC 6749
json_response(Code, Body) ->
{Code, [{<<"Content-Type">>, <<"application/json;charset=UTF-8">>},
- {<<"Cache-Control">>, <<"no-store">>},
- {<<"Pragma">>, <<"no-cache">>}],
+ {<<"Cache-Control">>, <<"no-store">>},
+ {<<"Pragma">>, <<"no-cache">>}],
+ %% OAauth error are defined in:
+ %% https://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-5.2
+ json_error(Code, Error, Reason) ->
+ Desc = json_error_desc(Reason),
+ Body = {[{<<"error">>, Error},
+ {<<"error_description">>, Desc}]},
+ json_response(Code, Body).
+ json_error_desc(access_denied) -> <<"Access denied">>;
+ json_error_desc(unsupported_grant_type) -> <<"Unsupported grant type">>;
+ json_error_desc(invalid_scope) -> <<"Invalid scope">>.
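Review bot: json_error_desc/1 has clauses for only three reasons, so any other reason passed to json_error/3 raises `function_clause` while the error response is being built, and the client would get a server error instead of an OAuth error body. The callers are outside this hunk, so it is not visible whether other reasons can reach it. The section the comment cites also defines codes such as `invalid_grant` and `invalid_client`. Either add clauses for the reasons the oauth2 library can return, or pin the contract with `-spec json_error_desc(access_denied | unsupported_grant_type | invalid_scope) -> binary().` The comment itself should read `%% OAuth errors are defined in RFC 6749, section 5.2`, matching the RFC reference used for the headers rather than the draft.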
web_head() ->
[?XA(<<"meta">>, [{<<"http-equiv">>, <<"X-UA-Compatible">>},