Mercurial > prosody-modules
annotate mod_graceful_shutdown/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | 999e7cb7f6d9 |
| children |
| rev | line source |
|---|---|
|
4898
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
1 ::: {.alert .alert-warning} |
|
2170
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 This module is an experiment about a more graceful shutdown process. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
4898
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
4 Graceful shutdown has now been implemented in Prosody trunk and will be |
|
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
5 part 0.12. See [issue #1225](https://issues.prosody.im/1225) for |
|
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
6 details. |
|
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
7 ::: |
|
999e7cb7f6d9
mod_graceful_shutdown: Add a banner saying no longer needed with trunk
Kim Alvefur <zash@zash.se>
parents:
2818
diff
changeset
|
8 |
|
2170
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 Why |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 === |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 When shutting down, a number of sessions, connections and other things |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 are teared down. Due to all these things happening very quickly, |
| 2818 | 14 sometimes e.g. client unavailable notifications don't make it to all |
|
2170
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 remote contacts because the server-to-server connections are teared down |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 just after. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 How |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 === |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 This module works by breaking the shutdown process into separate steps |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 with a brief pause between them. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 It goes something like this |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 1. Stop accepting new client connections. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 2. Close all client connections. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 3. Fire event for everything else. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 4. Tell `net.server` to quit the main loop. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 5. ??? |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 6. Still here? Kill itself. |
|
4652a112a4ba
mod_graceful_shutdown: Experiment in improving the shutdown experience
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |