annotate mod_audit_tokens/mod_audit_tokens.lua @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents c89077b4f46e
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5712
b357ff3d0c8a mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents: 4934
diff changeset
1 local jid = require"util.jid";
b357ff3d0c8a mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents: 4934
diff changeset
2
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
3 module:depends("audit");
4934
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4933
diff changeset
4 -- luacheck: read globals module.audit
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
5
5750
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
6 module:hook("token-grant-created", function(event)
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
7 module:audit(jid.join(event.username, event.host), "token-grant-created", {
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
8 });
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
9 end)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
10
5750
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
11 module:hook("token-grant-revoked", function(event)
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
12 module:audit(jid.join(event.username, event.host), "token-grant-revoked", {
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
13 });
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
14 end)
5749
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents: 5748
diff changeset
15
5750
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
16 module:hook("token-revoked", function(event)
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
17 module:audit(jid.join(event.username, event.host), "token-revoked", {
5749
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents: 5748
diff changeset
18 });
5750
c89077b4f46e mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents: 5749
diff changeset
19 end)