Mercurial > prosody-modules
annotate mod_groups_oidc/README.md @ 5550:4fda06be6b08
mod_http_oauth2: Make note about handling repeated
RFC 6749 states
> If an authorization code is used more than once, the authorization
> server MUST deny the request and SHOULD revoke (when possible) all
> tokens previously issued based on that authorization code.
We should follow the SHOULD.
The MUST is already covered by removing the code state from the cache.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 16 Jun 2023 00:10:46 +0200 |
| parents | 7d9dce4e7dd0 |
| children | e1422ae7e4de |
| rev | line source |
|---|---|
|
5504
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 summary: OIDC group membership in UserInfo |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 labels: |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 - Stage-Alpha |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 rockspec: |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 dependencies: |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 - mod_http_oauth2 >= 200 |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 --- |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 This module exposes [mod_groups_internal] groups to |
|
7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 [OAuth 2.0][mod_http_oauth2] clients via a `groups` scope/claim. |