Mercurial > prosody-modules
annotate mod_s2s_auth_posh/README.markdown @ 5617:d8622797e315
mod_http_oauth2: Shorten default token validity periods
With refresh tokens, short lifetime for access tokens is not a problem.
The arbitrary choice of one hour seems reasonable. RFC 6749 has it as
example value.
One week for refresh tokens matching the default archive retention
period. This means that a client that remains unused for one week will
have to sign in again. An actively used client will continually push
that forward with each used refresh token.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Jul 2023 01:30:14 +0200 |
| parents | 517c7f0333e3 |
| children |
| rev | line source |
|---|---|
|
3206
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 labels: |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 - 'Type-S2SAuth' |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 --- |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 Introduction |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 ============ |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 [PKIX over Secure HTTP (POSH)][rfc7711] describes a method of |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 securely delegating a domain to a hosting provider, without that hosting |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 provider needing keys and certificates covering the hosted domain. |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
3225
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
13 # Validating |
|
3206
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 This module performs POSH validation of other servers. It is *not* |
|
d57635562216
mod_s2s_auth_posh: Beginnings of a README
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 needed to delegate your own domain. |
|
3225
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
17 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
18 # Delegation |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
19 |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
20 You can generate the JSON delegation file from a certificate by running |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
21 `prosodyctl mod_s2s_auth_posh /path/to/example.crt`. This file needs to |
|
517c7f0333e3
mod_s2s_auth_posh: Add a command for generating the JSON file
Kim Alvefur <zash@zash.se>
parents:
3206
diff
changeset
|
22 be served at `https://example.com/.well-known/posh/xmpp-server.json`. |