resources/prosody-plugins/token/util.lib.lua

-- Token authentication
-- Copyright (C) 2015 Atlassian

local jwt = require "luajwtjitsi";

local _M = {};

local function _verify_token(token, appId, appSecret, disableRoomNameConstraints)

	local claims, err = jwt.decode(token, appSecret, true);
	if claims == nil then
		return nil, err;
	end

	local alg = claims["alg"];
	if alg ~= nil and (alg == "none" or alg == "") then
		return nil, "'alg' claim must not be empty";
	end

	local issClaim = claims["iss"];
	if issClaim == nil then
		return nil, "'iss' claim is missing";
	end
	if issClaim ~= appId then
		return nil, "Invalid application ID('iss' claim)";
	end

	local roomClaim = claims["room"];
	if roomClaim == nil and disableRoomNameConstraints ~= true then
		return nil, "'room' claim is missing";
	end

	return claims;
end

function _M.verify_token(token, appId, appSecret, disableRoomNameConstraints)
	return _verify_token(token, appId, appSecret, disableRoomNameConstraints);
end

return _M;
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`-- Token authentication`
			`-- Copyright (C) 2015 Atlassian`

Switch back to 'luajwt' in order to fix broken JWT Temporarily reference 'luajwtjitsi' luarock for immediate deployment until our changes with RS256 support eventually get merged with the master 2016-08-02 12:34:32 -05:00			`local jwt = require "luajwtjitsi";`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00
			`local _M = {};`

Add basic ASAP support to mod_auth_token See: http://s2sauth.bitbucket.org/ 2016-08-23 14:42:49 -05:00			`local function _verify_token(token, appId, appSecret, disableRoomNameConstraints)`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 19:51:43 +01:00			`local claims, err = jwt.decode(token, appSecret, true);`
Uses JWT for token generation in prosody plugin. 2015-11-18 12:49:36 -06:00			`if claims == nil then`
			`return nil, err;`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`end`

Check for "none" alg in JWT signing 2016-07-18 13:27:14 -05:00			`local alg = claims["alg"];`
			`if alg ~= nil and (alg == "none" or alg == "") then`
			`return nil, "'alg' claim must not be empty";`
			`end`

Uses JWT for token generation in prosody plugin. 2015-11-18 12:49:36 -06:00			`local issClaim = claims["iss"];`
			`if issClaim == nil then`
Improve token error reporting in Prosody JWT plugin 2016-04-20 16:37:36 -05:00			`return nil, "'iss' claim is missing";`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`end`
Uses JWT for token generation in prosody plugin. 2015-11-18 12:49:36 -06:00			`if issClaim ~= appId then`
			`return nil, "Invalid application ID('iss' claim)";`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`end`

Uses JWT for token generation in prosody plugin. 2015-11-18 12:49:36 -06:00			`local roomClaim = claims["room"];`
JWT client support 2016-06-13 16:11:44 -05:00			`if roomClaim == nil and disableRoomNameConstraints ~= true then`
Improve token error reporting in Prosody JWT plugin 2016-04-20 16:37:36 -05:00			`return nil, "'room' claim is missing";`
Uses JWT for token generation in prosody plugin. 2015-11-18 12:49:36 -06:00			`end`
New JWT token impl that does not require token verification in Jicofo and uses anonymous authentication method(token goes as BOSH query param). Adds 'allow_empty_token" config option. 2015-12-22 19:51:43 +01:00
mod_auth_token: Set room name on session 2016-08-26 14:41:06 -05:00			`return claims;`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`end`

Add basic ASAP support to mod_auth_token See: http://s2sauth.bitbucket.org/ 2016-08-23 14:42:49 -05:00			`function _M.verify_token(token, appId, appSecret, disableRoomNameConstraints)`
			`return _verify_token(token, appId, appSecret, disableRoomNameConstraints);`
Adds Prosody plugin for token authentication. 2015-11-02 15:02:50 -06:00			`end`

JWT client support 2016-06-13 16:11:44 -05:00			`return _M;`