Mercurial > prosody-modules
annotate mod_s2s_auth_posh/README.markdown @ 5511:0860497152af
mod_http_oauth2: Record hash of client_id to allow future verification
RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the
client. In order to do that, we must record something that can
definitely tie the client to the grant. Since the full client_id is so
large (why we have this client_subset function), a hash is stored
instead.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 02 Jun 2023 10:14:16 +0200 |
| parents | 517c7f0333e3 |
| children |
| rev | line source |
|---|---|
|
3206
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 labels: |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 - 'Type-S2SAuth' |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 --- |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 Introduction |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 ============ |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 [PKIX over Secure HTTP (POSH)][rfc7711] describes a method of |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 securely delegating a domain to a hosting provider, without that hosting |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 provider needing keys and certificates covering the hosted domain. |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
3225
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
13 # Validating |
|
3206
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 This module performs POSH validation of other servers. It is *not* |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 needed to delegate your own domain. |
|
3225
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
17 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
18 # Delegation |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
19 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
20 You can generate the JSON delegation file from a certificate by running |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
21 `prosodyctl mod_s2s_auth_posh /path/to/example.crt`. This file needs to |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
22 be served at `https://example.com/.well-known/posh/xmpp-server.json`. |