Mercurial > prosody-modules
annotate mod_saslname/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | 548b68ae793b |
| children |
| rev | line source |
|---|---|
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
1 --- |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
2 labels: |
|
2570
548b68ae793b
mod_saslname: Declare module Stable since it does one simple thing very well
Kim Alvefur <zash@zash.se>
parents:
2569
diff
changeset
|
3 - 'Stage-Stable' |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
4 - 'Type-Auth' |
|
2568
01fcc5ebc655
mod_saslname/README: Update for XEP title change
Kim Alvefur <zash@zash.se>
parents:
1803
diff
changeset
|
5 summary: 'XEP-0233: XMPP Server Registration for use with Kerberos V5' |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
6 ... |
| 1782 | 7 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
8 Introduction |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
9 ============ |
| 1782 | 10 |
|
2569
f622fb016155
mod_saslname/README: Expand description
Kim Alvefur <zash@zash.se>
parents:
2568
diff
changeset
|
11 This module implements a manual method for advertsing the Kerberos |
|
f622fb016155
mod_saslname/README: Expand description
Kim Alvefur <zash@zash.se>
parents:
2568
diff
changeset
|
12 principal name as per [XEP-0233]. It could be used in conjection with |
|
f622fb016155
mod_saslname/README: Expand description
Kim Alvefur <zash@zash.se>
parents:
2568
diff
changeset
|
13 a Kerberos authentication module. |
| 1782 | 14 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
15 Configuration |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
16 ============= |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
17 |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
18 sasl_hostname = "auth42.us.example.com" |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
19 |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
20 Compatibility |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1782
diff
changeset
|
21 ============= |
| 1782 | 22 |
| 23 Prosody 0.7+ |