Mercurial > prosody-modules
annotate mod_log_sasl_mech/mod_log_sasl_mech.lua @ 5425:3b30635d215c
mod_http_oauth2: Support granting zero role-scopes
It seems Very Bad that if you uncheck all roles on the consent page, you
get the default scopes, which seems the opposite of what you probably
intended. Currently, mod_tokenauth will do the same thing, so work is
needed there too to allow issuing tokens without roles.
A token without a role could be used for OIDC login, and not much else.
This seems like a valuable thing to support.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 07 May 2023 19:29:15 +0200 |
parents | 4baaa5a66a5a |
children | 5ff8022466ab |
rev | line source |
---|---|
1292
2d061333d0c2
mod_log_sasl_mech: Logs authentication mechanism used
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
2d061333d0c2
mod_log_sasl_mech: Logs authentication mechanism used
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 module:hook("authentication-success", function (event) |
1393
4baaa5a66a5a
mod_log_sasl_mech: Log SASL mechanism attached to session
Kim Alvefur <zash@zash.se>
parents:
1292
diff
changeset
|
3 local session = event.session; |
4baaa5a66a5a
mod_log_sasl_mech: Log SASL mechanism attached to session
Kim Alvefur <zash@zash.se>
parents:
1292
diff
changeset
|
4 local sasl_handler = session.sasl_handler; |
4baaa5a66a5a
mod_log_sasl_mech: Log SASL mechanism attached to session
Kim Alvefur <zash@zash.se>
parents:
1292
diff
changeset
|
5 session.log("info", "Authenticated with %s", sasl_handler and sasl_handler.selected or "legacy auth"); |
1292
2d061333d0c2
mod_log_sasl_mech: Logs authentication mechanism used
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 end); |