in modules/oauth/mod-oauth1.cpp [142:183]
const failable<int> authenticated(const list<value>& userinfo, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
debug(userinfo, "modoauth2::authenticated::userinfo");
if (isNull(scopeattrs)) {
// Store user id in an environment variable
const list<value> id = assoc<value>("id", userinfo);
if (isNull(id) || isNull(cdr(id)))
return mkfailure<int>("Couldn't retrieve user id", HTTP_UNAUTHORIZED);
apr_table_set(r->subprocess_env, "OAUTH2_ID", apr_pstrdup(r->pool, c_str(cadr(id))));
// If the request user field has not been mapped to another attribute, map the
// OAuth id attribute to it
if (r->user == NULL || r->user[0] == '\0')
r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
// Run the authnz hooks to check the authenticated user
const failable<int> arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
if (!hasContent(arc))
return arc;
// Update the request user field with the authorized user id returned by the authnz hooks
const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
if (auser != NULL)
r->user = apr_pstrdup(r->pool, auser);
return OK;
}
// Store each configured OAuth scope attribute in an environment variable
const list<value> a = car(scopeattrs);
const list<value> v = assoc<value>(cadr(a), userinfo);
if (!isNull(v) && !isNull(cdr(v))) {
// Map the REMOTE_USER attribute to the request user field
if (string(car(a)) == "REMOTE_USER")
r->user = apr_pstrdup(r->pool, c_str(cadr(v)));
else
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
}
return authenticated(userinfo, r, cdr(scopeattrs), apcs);
}