Mercurial > prosody-modules
annotate mod_audit_tokens/mod_audit_tokens.lua @ 5796:93d6e9026c1b
mod_http_oauth2: Do not enforce PKCE on Device and OOB flows
PKCE does not appear to be used with the Device flow. I have found no
mention of any interaction between those standards. Since no data is
delivered via redirects in these cases, PKCE may not serve any purpose.
This is mostly a problem because we reuse the authorization code to
implement the Device and OOB flows.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 15 Dec 2023 12:10:07 +0100 |
parents | c89077b4f46e |
children |
rev | line source |
---|---|
5712
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
1 local jid = require"util.jid"; |
b357ff3d0c8a
mod_audit_auth: Include hostpart with audit events
Kim Alvefur <zash@zash.se>
parents:
4934
diff
changeset
|
2 |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
3 module:depends("audit"); |
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
4 -- luacheck: read globals module.audit |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
5 |
5750
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
6 module:hook("token-grant-created", function(event) |
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
7 module:audit(jid.join(event.username, event.host), "token-grant-created", { |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
8 }); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 end) |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 |
5750
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
11 module:hook("token-grant-revoked", function(event) |
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
12 module:audit(jid.join(event.username, event.host), "token-grant-revoked", { |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 }); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 end) |
5749
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
15 |
5750
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
16 module:hook("token-revoked", function(event) |
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
17 module:audit(jid.join(event.username, event.host), "token-revoked", { |
5749
238c4ac8b735
mod_audit_auth: Add audit record when a client connects that has not been seen before
Matthew Wild <mwild1@gmail.com>
parents:
5748
diff
changeset
|
18 }); |
5750
c89077b4f46e
mod_audit_tokens: Record events fired by mod_tokenauth in audit log
Kim Alvefur <zash@zash.se>
parents:
5749
diff
changeset
|
19 end) |