comparison mod_http_oauth2/README.markdown @ 5467:1c78a97a1091
mod_http_oauth2: Add a special "xmpp" scope that grants the users' default role
This will be the first step towards defining a standard set of XMPP
scopes. "xmpp" behaves as an alias for the user's default role, so that
the client does not need to know about the various prosody:* roles.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 17 May 2023 19:40:27 +0200 |
parents | 66e13e79928b |
children | cae3bb3dd45f |
5466:398d936e77fb | 5467:1c78a97a1091 |
---|---|
163 | 163 |
164 ### Scopes | 164 ### Scopes |
165 | 165 |
166 OAuth supports "scopes" as a way to grant clients limited access. | 166 OAuth supports "scopes" as a way to grant clients limited access. |
167 | 167 |
168 There are currently no standard scopes defined for XMPP. This is something | 168 There are currently no standard scopes defined for XMPP. This is |
169 that we intend to change, e.g. by definitions provided in a future XEP. This | 169 something that we intend to change, e.g. by definitions provided in a |
170 means that clients you authorize currently have unrestricted access to your | 170 future XEP. This means that clients you authorize currently have to |
171 account (including the ability to change your password and lock you out!). So, | 171 choose between unrestricted access to your account (including the |
172 for now, while using OAuth clients can prevent leaking your password to them, | 172 ability to change your password and lock you out!) and zero access. So, |
173 it is not currently suitable for connecting untrusted clients to your account. | 173 for now, while using OAuth clients can prevent leaking your password to |
174 them, it is not currently suitable for connecting untrusted clients to | |
175 your account. | |
176 | |
177 As a first step, the `xmpp` scope is supported, and corresponds to | |
178 whatever permissions the user would have when logged in over XMPP. | |
179 | |
180 Further, known Prosody roles can be used as scopes. | |
181 | |
182 OpenID scopes such as `openid` and `profile` can be used for "Login | |
183 with XMPP" without granting access to more than limited profile details. | |
174 | 184 |
175 ## Compatibility | 185 ## Compatibility |
176 | 186 |
177 Requires Prosody trunk (April 2023), **not** compatible with Prosody 0.12 or | 187 Requires Prosody trunk (April 2023), **not** compatible with Prosody 0.12 or |
178 earlier. | 188 earlier. |
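
Review bot: The new `xmpp` paragraph (new lines 177-178) never says that this scope is the "unrestricted access" option described in the paragraph before it, so a reader could mistake it for a limited grant. State outright that a token carrying `xmpp` can do everything the account can do over XMPP, including changing the password. New line 180 ("known Prosody roles can be used as scopes") should name the roles or point to where they are listed, and say what a client receives when it requests a role the user does not hold. The wording "unrestricted access ... and zero access" in new lines 170-172 also sits awkwardly with the OpenID paragraph at 182-183, which describes a third option limited to profile details; reword one of the two so the cases are consistent.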