Mercurial > prosody-modules
annotate mod_sasl2_fast/README.md @ 5626:a44af1b646f5
mod_http_oauth2: Optionally enforce authentication on revocation endpoint
But why do OAuth require this? If a token leaks, why couldn't anyone
revoke it?
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 31 Jul 2023 02:07:58 +0200 |
parents | 745c7f4cca40 |
children | 70fa3f8de249 |
rev | line source |
---|---|
5092 | 1 --- |
2 labels: | |
3 - Stage-Beta | |
4 summary: "Fast Authentication Streamlining Tokens" | |
5095
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
5 rockspec: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
6 dependencies: |
745c7f4cca40
mod_sasl2_fast: Add explicit dependency on mod_sasl2
Kim Alvefur <zash@zash.se>
parents:
5092
diff
changeset
|
7 - mod_sasl2 |
5092 | 8 --- |
9 | |
10 This module implements a mechanism via which clients can exchange a password | |
11 for a secure token, improving security and streamlining future reconnections. | |
12 | |
13 At the time of writing, the XEP that describes the FAST protocol is still | |
14 working its way through the XSF standards process. You can [view the FAST XEP | |
15 proposal here](https://xmpp.org/extensions/inbox/xep-fast.html). | |
16 | |
17 This module depends on [mod_sasl2]. | |
18 | |
19 ## Configuration | |
20 | |
21 | Name | Description | Default | | |
22 |---------------------------|--------------------------------------------------------|-----------------------| | |
23 | sasl2_fast_token_ttl | Default token expiry (seconds) | `86400*21` (21 days) | | |
24 | sasl2_fast_token_min_ttl | Time before tokens are eligible for rotation (seconds) | `86400` (1 day) | | |
25 | |
26 The `sasl2_fast_token_ttl` option determines the length of time a client can | |
27 remain disconnected before being "logged out" and needing to authenticate with | |
28 a password. Clients must perform at least one FAST authentication within this | |
29 period to remain active. | |
30 | |
31 The `sasl2_fast_token_min_ttl` option defines how long before a token will be | |
32 rotated by the server. By default a token is rotated if it is older than 24 | |
33 hours. This value should be less than `sasl2_fast_token_ttl` to prevent | |
34 clients being logged out unexpectedly. |