annotate mod_compat_roles/README.markdown @ 5616:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parents fc6a618bfe4e
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4983
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 ---
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 labels:
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 - Stage-Alpha
4984
fc6a618bfe4e mod_compat_roles/README: Fix yaml syntax in metadata block
Kim Alvefur <zash@zash.se>
parents: 4983
diff changeset
4 summary: Compatibility layer for Prosody's future roles API
fc6a618bfe4e mod_compat_roles/README: Fix yaml syntax in metadata block
Kim Alvefur <zash@zash.se>
parents: 4983
diff changeset
5 ---
4983
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 Introduction
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 ============
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10 This module provides compatibility with Prosody's new role and permissions
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 system. It aims to run on Prosody 0.11 and 0.12, providing a limited version
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 of the new API backed by is_admin() (which is not going to be present in trunk
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 and future Prosody versions).
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 It is designed for use by modules which want to be compatible with Prosody
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 versions with and without the new permissions API.
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 Configuration
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 =============
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 There is no configuration.
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 Usage (for developers)
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 ======================
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 If you are a module developer, and want your module to work with Prosody trunk
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 and future releases, you should avoid the `usermanager.is_admin()` function.
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 Instead, depend on this module:
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 ```
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 module:depends("compat_roles")
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 ```
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 Then use `module:may()` instead:
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37 ```
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 if module:may(":do-something") then
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 -- Blah
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 end
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 ```
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 For more information on the new role/permissions API, check Prosody's
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 developer documentation at https://prosody.im/doc/developers/permissions
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 Compatibility
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 =============
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48
7c77058a1ac5 mod_compat_roles: New module providing compat shim for trunk's new role API
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 Requires Prosody 0.11 or 0.12.