implement SASL OAUTHBEARER and draft/bearer (#2122)

* implement SASL OAUTHBEARER and draft/bearer * Upgrade JWT lib * Fix an edge case in SASL EXTERNAL * Accept longer SASL responses * review fix: allow multiple token definitions * enhance tests * use SASL utilities from irc-go * test expired tokens
2025-12-20 02:00:11 -08:00 · 2024-02-13 18:58:32 -05:00 · 2024-02-13 18:58:32 -05:00 · ee7f818674
commit ee7f818674
parent 8475b62da4
58 changed files with 2868 additions and 975 deletions
--- a/irc/client.go
+++ b/irc/client.go
@ -21,6 +21,7 @@ import (
 	"github.com/ergochat/irc-go/ircfmt"
 	"github.com/ergochat/irc-go/ircmsg"
 	"github.com/ergochat/irc-go/ircreader"
+	"github.com/ergochat/irc-go/ircutils"
 	"github.com/xdg-go/scram"

 	"github.com/ergochat/ergo/irc/caps"
@ -28,6 +29,7 @@ import (
 	"github.com/ergochat/ergo/irc/flatip"
 	"github.com/ergochat/ergo/irc/history"
 	"github.com/ergochat/ergo/irc/modes"
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/sno"
 	"github.com/ergochat/ergo/irc/utils"
 )
@ -119,12 +121,20 @@ type Client struct {

 type saslStatus struct {
 	mechanism string
-	value     string
+	value     ircutils.SASLBuffer
 	scramConv *scram.ServerConversation
+	oauthConv *oauth2.OAuthBearerServer
+}
+
+func (s *saslStatus) Initialize() {
+	s.value.Initialize(saslMaxResponseLength)
 }

 func (s *saslStatus) Clear() {
-	*s = saslStatus{}
+	s.mechanism = ""
+	s.value.Clear()
+	s.scramConv = nil
+	s.oauthConv = nil
 }

 // what stage the client is at w.r.t. the PASS command:
@ -362,6 +372,7 @@ func (server *Server) RunClient(conn IRCConn) {
 		isTor:      wConn.Tor,
 		hideSTS:    wConn.Tor || wConn.HideSTS,
 	}
+	session.sasl.Initialize()
 	client.sessions = []*Session{session}

 	session.resetFakelag()