comparison mod_auth_oauth_external/README.md @ 5344:0a6d2b79a8bf

mod_auth_oauth_external: Authenticate against an OAuth 2 provider

But suddenly unsure whether this constitutes an OAuth "client" or something else? Resource server maybe?
author Kim Alvefur <zash@zash.se>
date Thu, 16 Mar 2023 12:45:22 +0100
parents
children 3390bb2f9f6c
comparison
5343:5c1c70e52635 5344:0a6d2b79a8bf
1 ---
2 summary: Authenticate against an external OAuth 2 IdP
3 labels:
4 - Stage-Alpha
5 ---
6
7 This module provides external authentication via an external [AOuth
8 2](https://datatracker.ietf.org/doc/html/rfc7628) authorization server
9 and supports the [SASL OAUTHBEARER authentication][rfc7628]
10 mechanism.
11
12 # How it works
13
14 Clients retrieve tokens somehow, then show them to Prosody, which asks
15 the Authorization server to validate them, returning info about the user
16 back to Prosody.
17
18 # Configuration
19
20 `oauth_external_discovery_url`
21 : Optional URL string pointing to [OAuth 2.0 Authorization Server
22 Metadata](https://oauth.net/2/authorization-server-metadata/). Lets
23 clients discover where they should retrieve access tokens from if
24 they don't have one yet.
25
26 `oauth_external_validation_endpoint`
27 : URL string. The token validation endpoint, should validate the token
28 and return a JSON structure containing the username of the user
29 logging in the field specified by `oauth_external_username_field`.
30 Commonly the [OpenID `UserInfo`
31 endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
32
33 `oauth_external_username_field`
34 : String. Default is `"preferred_username"`. Field in the JSON
35 structure returned by the validation endpoint that contains the XMPP
36 localpart.
37
38 # Compatibility
39
40 Version Status
41 --------- ---------------
42 trunk works
43 0.12.x does not work
44 0.11.x does not work
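
Review bot: The intro at lines 7-10 links "AOuth 2" (a typo for OAuth) to RFC 7628, which is the SASL OAUTHBEARER document rather than the OAuth 2.0 framework, and the `[rfc7628]` reference on line 9 has no link definition anywhere in the file, so it will render as literal text. Suggest pointing the first link at RFC 6749 and adding a `[rfc7628]: https://datatracker.ietf.org/doc/html/rfc7628` definition at the end of the file. On `oauth_external_validation_endpoint` (lines 26-31), "should validate the token" leaves open what counts as a rejection. It would help to state which responses from the endpoint the module treats as a failed login, and to say the URL should be https, since the client's bearer token is forwarded to it. Line 29 reads better as "logging in, in the field specified by", and the sentence ending on line 31 is missing its final period.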