diff options
author | Vika <vika@fireburn.ru> | 2022-09-21 10:42:26 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2022-09-28 00:59:43 +0300 |
commit | e5281c6da75f115d01aa5bef2f460ebd5b30a656 (patch) | |
tree | 369b764ac3f346aa9068a27bc631c8edc42fc271 /kittybox-rs/src | |
parent | e468d8cd5aac240a05a149737e0117a57a926683 (diff) | |
download | kittybox-e5281c6da75f115d01aa5bef2f460ebd5b30a656.tar.zst |
indieauth: add "token_type" and "scope" to token grant response
It looks like some badly-behaved apps require "scope" even though it is optional according to OAuth2. Additionally, both of these fields are not present in the IndieAuth spec (this is an error in the spec, tracked here: https://github.com/indieweb/indieauth/issues/116
Diffstat (limited to 'kittybox-rs/src')
-rw-r--r-- | kittybox-rs/src/indieauth/mod.rs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/kittybox-rs/src/indieauth/mod.rs b/kittybox-rs/src/indieauth/mod.rs index 67f4a43..44cb368 100644 --- a/kittybox-rs/src/indieauth/mod.rs +++ b/kittybox-rs/src/indieauth/mod.rs @@ -442,6 +442,8 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>( me, profile, access_token, + token_type: kittybox_indieauth::TokenType::Bearer, + scope: Some(scope), expires_in: Some(ACCESS_TOKEN_VALIDITY), refresh_token: Some(refresh_token) }.into_response() @@ -517,7 +519,7 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>( let old_refresh_token = refresh_token; let refresh_token = match backend.create_refresh_token( - prepare_refresh_token(data.me.clone(), client_id, scope) + prepare_refresh_token(data.me.clone(), client_id, scope.clone()) ).await { Ok(token) => token, Err(err) => { @@ -534,6 +536,8 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>( me: data.me, profile, access_token, + token_type: kittybox_indieauth::TokenType::Bearer, + scope: Some(scope), expires_in: Some(ACCESS_TOKEN_VALIDITY), refresh_token: Some(refresh_token) }.into_response() |