PLAIN or OAUTHBEARER #2

Open
toapaxi opened this issue Jan 26, 2021 · 1 comment


toapaxi commented Jan 26, 2021

Hi,

How do you determine PLAIN or OAUTHBEARER?
Just enter the oauth_test_token function.

Change this `return provider.test_password(username, token), true;` and it worked

```lua
function provider.get_sasl_handler(session)
	module:log("warn", "PRUEBA DE CTO");
	local supported_mechanisms = {};
	supported_mechanisms["OAUTHBEARER"] = true;
	supported_mechanisms["PLAIN"] = true;
	return new_sasl(host, {
		plain_test = function(sasl, username, password, realm)
			return provider.test_password(username, password), true;
		end,
		oauthbearer = function(sasl, username, token, realm)
			return provider.test_password(username, token), true;
			--return oauth_test_token(username, token, realm), true;
		end,
		mechanisms = supported_mechanisms
	});
end
```

Great job!!!!!
Regards,
Chrystiam

@paulb-smartit

It doesn't work like that. You don't choose. The first time out, if there's a password it will use PLAIN. On the next call, if it has a token it will use OAUTHBEARER.

This solved an issue for us and we now have Prosody authenticating against Keycloak.

One error we made was including the protocol `https://` in the variable `oauth_host`. It was very difficult to find because it never gets to the Keycloak service, so nothing is logged. An HTTP 400 Bad Request error gets returned. We eventually spotted `client sent invalid host header while reading client request headers` in the Nginx logs, pointing to `host: "https://sso.domain.tld"`.
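
The `oauth_host` mistake described above can be caught when the configuration is loaded instead of in the Nginx logs. The following Lua check is an added example, not part of this thread or of the module's own code; the function name `check_oauth_host` and the bare `host[:port]` rule are assumptions.

```lua
-- Added example (hypothetical helper, not from the module in this thread).
-- Assumption: oauth_host must be a bare host name, optionally followed by
-- ":port", because the value is used as the HTTP Host header. IPv6 literals
-- are not handled here.
local function check_oauth_host(value)
	if type(value) ~= "string" or value == "" then
		return nil, "oauth_host is not set";
	end
	-- The mistake from the thread: a scheme prefix such as https://
	if value:find("://", 1, true) then
		return nil, "oauth_host must not include a scheme such as https://";
	end
	-- Anything that belongs to a URL rather than a host name
	if value:find("[/%?#@%s]") then
		return nil, "oauth_host must not contain a path, query, userinfo or whitespace";
	end
	-- Accept host:port first, then fall back to a bare host
	local host, port = value:match("^([%w%.%-]+):(%d+)$");
	if not host then
		host = value:match("^[%w%.%-]+$");
	end
	if not host or host:find("^[%.%-]") or host:find("..", 1, true) then
		return nil, "oauth_host is not a valid host[:port]";
	end
	if port and (tonumber(port) < 1 or tonumber(port) > 65535) then
		return nil, "oauth_host port is out of range";
	end
	return value;
end

-- Constructed sample values; sso.domain.tld is the placeholder host quoted
-- in the comment above. In a Prosody module the value would typically come
-- from module:get_option_string("oauth_host") (assumed usage).
local samples = {
	"sso.domain.tld",
	"sso.domain.tld:8443",
	"https://sso.domain.tld",
	"sso.domain.tld/auth",
};
for _, v in ipairs(samples) do
	local ok, err = check_oauth_host(v);
	print(v, ok and "accepted" or ("rejected: " .. err));
end
```

Failing at load time with an explicit message avoids the situation in the comment above, where the request is rejected by the reverse proxy and nothing reaches the identity provider's logs.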
