prosody-modules: mod_audit_auth/mod_audit

annotate mod_audit_auth/mod_audit_auth.lua @ 5390:f2363e6d9a64

mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 § 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!

author	Kim Alvefur <zash@zash.se>
date	Sun, 30 Apr 2023 16:13:40 +0200
parents	08dea42a302a
children	b357ff3d0c8a

rev	line source
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	1 module:depends("audit");
4934 08dea42a302a mod_audit: fix luacheck warnings Jonas Schäfer <jonas@wielicki.name>* parents: 4933 diff changeset	2 -- luacheck: read globals module.audit
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	3
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	4 module:hook("authentication-failure", function(event)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	5 local session = event.session;
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	6 module:audit(session.sasl_handler.username, "authentication-failure", {
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	7 session = session,
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	8 });
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	9 end)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	10
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	11 module:hook("authentication-success", function(event)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	12 local session = event.session;
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	13 module:audit(session.sasl_handler.username, "authentication-success", {
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	14 session = session,
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	15 });
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	16 end)

Mercurial > prosody-modules

annotate mod_audit_auth/mod_audit_auth.lua @ 5390:f2363e6d9a64