Mercurial > prosody-modules
annotate mod_http_oauth2/README.markdown @ 5210:898575a0c6f3
mod_http_oauth2: Switch to '303 See Other' redirects
This is the recommendation by draft-ietf-oauth-v2-1-07 section 7.5.2. It is
the only redirect code that guarantees the user agent will use a GET request,
rather than re-submitting a POST request to the new URL.
The latter would be bad for us, as we are encoding auth tokens in the form
data.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 06 Mar 2023 10:37:43 +0000 |
parents | 164a9875935b |
children | 3235b8bd1e55 |
rev | line source |
---|---|
3903
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 --- |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 labels: |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 - Stage-Alpha |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 summary: 'OAuth2 API' |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 ... |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 Introduction |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 ============ |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 This module is a work-in-progress intended for developers only! |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 Configuration |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 ============= |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
5197
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
15 Dynamic client registration enabled by configuring a JWT key. Algorithm |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
16 defaults to *HS256*. |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
17 |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
18 ```lua |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
19 oauth2_registration_key = "securely generated JWT key here" |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
20 oauth2_registration_algorithm = "HS256" |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
21 oauth2_registration_options = { default_ttl = 60 * 60 * 24 * 90 } |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
22 ``` |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
23 |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
24 Various flows can be disabled and enabled with |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
25 `allowed_oauth2_grant_types` and `allowed_oauth2_response_types`: |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
26 |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
27 ```lua |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
28 allowed_oauth2_grant_types = { |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
29 "authorization_code"; -- authorization code grant |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
30 "password"; -- resource owner password grant |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
31 } |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
32 |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
33 allowed_oauth2_response_types = { |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
34 "code"; -- authorization code flow |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
35 -- "token"; -- implicit flow disabled by default |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
36 } |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
37 ``` |
164a9875935b
mod_http_oauth2/README: Document config options
Kim Alvefur <zash@zash.se>
parents:
4924
diff
changeset
|
38 |
3903
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 Compatibility |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 ============= |
cfeb93b80621
mod_http_oauth2: OAuth2 API (work in progress for developers only)
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
4924
df3d521e3c39
mod_http_oauth2/README: Update Compatibility section to mention 0.12
Kim Alvefur <zash@zash.se>
parents:
3903
diff
changeset
|
43 Requires Prosody 0.12+ or trunk. |