annotate mod_component_client/README.markdown @ 5390:f2363e6d9a64
mod_http_oauth2: Advertise the currently supported id_token signing algorithm
This field is REQUIRED. The algorithm RS256 MUST be included, but isn't
because we don't implement it, as that would require implementing a pile
of additional cryptography and JWT stuff. Instead the id_token is
signed using the client secret, which allows verification by the client,
since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under
Symmetric Signatures.
OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that
are not supported here, but that's okay because this is served from the
RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author |
Kim Alvefur <zash@zash.se> |
date |
Sun, 30 Apr 2023 16:13:40 +0200 |
parents |
35ae59a8196d |
children |
|
rev |
line source |
2323
|
1 Introduction |
|
2 ============ |
|
3 |
|
4 This module turns Prosody hosts into components of other XMPP servers. |
|
5 |
|
6 Configuration |
|
7 ============= |
|
8 |
|
9 Example configuration: |
|
10 |
|
11 ``` {.lua} |
|
12 VirtualHost "component.example.com" |
|
13 modules_enabled = { "component_client" } |
|
14 component_client = { |
|
15 host = "localhost"; |
|
16 port = 5347; |
|
17 secret = "hunter2"; |
|
18 } |
|
19 ``` |