Mercurial > prosody-modules
annotate mod_oidc_userinfo_vcard4/README.md @ 5446:dd7bddc87f98
mod_http_oauth2: Fix inclusion of role in refreshed access tokens
`refresh_token_info` does not carry the role, and due to behavior prior
to prosody trunk rev a1ba503610ed it would have reverted to the users'
default role. After that it instead issues a token without role which is
thus not usable with e.g. mod_rest
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 11 May 2023 21:37:35 +0200 |
| parents | f8ec43db580b |
| children | 320593cf7d90 |
| rev | line source |
|---|---|
|
5350
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 summary: OIDC UserInfo profile details from vcard4 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 labels: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 - Stage-Alpha |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 rockspec: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 dependencies: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 - mod_http_oauth2 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 This module extracts profile details from the user's [vcard4][XEP-0292] |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 and provides them in the [UserInfo] endpoint of [mod_http_oauth2] to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 clients the user grants authorization. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 Whether this is really needed is unclear at this point. When logging in |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 with an XMPP client, it could fetch the actual vcard4 to retrieve these |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 details, so the UserInfo details would probably primarily be useful to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 other OAuth 2 and OIDC clients. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 [UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse |