Mercurial > prosody-modules
annotate mod_oidc_userinfo_vcard4/README.md @ 5472:b80b6947b079
mod_http_oauth2: Always show early errors to user
Before having validated the client_id, communicating an error back to
the client via redirect would make this an open redirect, so we may just
as well skip past that logic, and especially the warning log message.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 18 May 2023 13:43:17 +0200 |
| parents | f8ec43db580b |
| children | 320593cf7d90 |
| rev | line source |
|---|---|
|
5350
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 summary: OIDC UserInfo profile details from vcard4 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 labels: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 - Stage-Alpha |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 rockspec: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 dependencies: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 - mod_http_oauth2 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 This module extracts profile details from the user's [vcard4][XEP-0292] |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 and provides them in the [UserInfo] endpoint of [mod_http_oauth2] to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 clients the user grants authorization. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 Whether this is really needed is unclear at this point. When logging in |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 with an XMPP client, it could fetch the actual vcard4 to retrieve these |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 details, so the UserInfo details would probably primarily be useful to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 other OAuth 2 and OIDC clients. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 [UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse |