Mercurial > prosody-modules
annotate mod_adhoc_oauth2_client/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | a9c1cc91d3d6 |
| children |
| rev | line source |
|---|---|
|
4264
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 labels: |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 - Stage-Alpha |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 summary: 'Create OAuth2 clients via ad-hoc command' |
|
5260
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
5 rockspec: |
|
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
6 dependencies: |
|
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
7 - mod_http_oauth2 |
|
4264
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 ... |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 Introduction |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 ============ |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
5260
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
13 [Ad-Hoc command][XEP-0050] interface to |
|
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
14 [dynamic OAuth2 registration](https://oauth.net/2/dynamic-client-registration/) |
|
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
15 provided by [mod_http_oauth2]. |
|
4264
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 Compatibility |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 ============= |
|
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
|
5260
a9c1cc91d3d6
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
5253
diff
changeset
|
20 Same as [mod_http_oauth2] |
|
4264
84bdf7e01744
mod_adhoc_oauth2_client: Add stub README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |