Mercurial > prosody-modules
annotate mod_client_proxy/README.markdown @ 5424:b45d9a81b3da
mod_http_oauth2: Revert role selector, going to try something else
Back out f2c7bb3af600
Allowing only a single role to be encoded into the grant takes away the
possibility of having multiple roles in the grant, one of which is
selected when issuing an access token. It also takes away the ability to
have zero roles granted, which could be useful e.g. when you only need
OIDC scopes.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 07 May 2023 19:40:57 +0200 |
parents | 3dd7840cb923 |
children |
rev | line source |
---|---|
3098
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
1 --- |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
2 labels: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
3 - 'Stage-Alpha' |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
4 summary: 'Proxy multiple client resources behind a single component' |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
5 ... |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
6 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
7 What it does |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
8 ============ |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
9 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
10 This module must be used as a component. For example: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
11 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
12 Component "proxy.domain.example" "client_proxy" |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
13 target_address = "some-user@some-domain.example" |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
14 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
15 All IQ requests against the proxy host (in the above example: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
16 proxy.domain.example) are sent to a random resource of the target address (in |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
17 the above example: some-user@some-domain.example). The entity behind the |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
18 target address is called the "implementing client". |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
19 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
20 The IQ requests are JAT-ed (JAT: Jabber Address Translation) so that when the |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
21 implementing client answers the IQ request, it is sent back to the component, |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
22 which reverts the translation and routes the reply back to the user. |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
23 |
4318
3dd7840cb923
mod_client_proxy: Fix typo in readme
Jonas Schäfer <jonas@wielicki.name>
parents:
3102
diff
changeset
|
24 Let us assume that user@some-domain.example sends a request. The |
3098
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
25 proxy.domain.example component has the client_proxy module loaded and proxies to |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
26 some-user@some-domain.example. some-user@some-domain.example has two resources, |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
27 /a and /b. |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
28 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
29 user -> component: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
30 <iq type='get' id='1234' to='proxy.domain.example' from='user@some-domain.example/abc'> |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
31 component -> implementing client: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
32 <iq type='get' id='1234' to='some-user@some-domain.example/a' from='proxy.domain.example/encoded-from'> |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
33 implementing client -> component: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
34 <iq type='result' id='1234' to='proxy.domain.example/encoded-from' from='some-user@some-domain.example/a'> |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
35 component -> user: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
36 <iq type='result' id='1234' to='user@some-domain.example/abc' from='proxy.domain.example'> |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
37 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
38 The encoded-from resource used in the exchange between the proxy component |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
39 and the implementing client is an implementation-defined string which allows |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
40 the proxy component to revert the JAT. |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
41 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
42 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
43 Use cases |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
44 ========= |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
45 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
46 * Implementation of services within clients instead of components, thus making |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
47 use of the more advanced authentication features. |
3102
f04dbfad5407
mod_client_proxy: extend readme
Jonas Wielicki <jonas@wielicki.name>
parents:
3098
diff
changeset
|
48 * Load-balancing requests to different client resources. |
3098
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
49 * General evilness |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
50 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
51 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
52 Configuration |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
53 ============= |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
54 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
55 To use this module, it needs to be loaded on a component: |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
56 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
57 Component "proxy.yourdomain.example" "client_proxy" |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
58 target_address = "implementation@yourdomain.example" |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
59 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
60 It will then send a subscription request to implementation@yourdomain.example |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
61 which MUST be accepted: this is required so that the component can detect the |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
62 resources to which IQ requests can be dispatched. |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
63 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
64 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
65 Limitations |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
66 =========== |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
67 |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
68 * It does not handle presence or message stanzas. |
a81456a13797
mod_client_proxy: a Jabber Address Translation implementation
Jonas Wielicki <jonas@wielicki.name>
parents:
diff
changeset
|
69 * It does not allow the implementing client to initiate IQ requests |