Mercurial > prosody-modules
comparison mod_http_oauth2/README.markdown @ 5416:2393dbae51ed
mod_http_oauth2: Add option for specifying TTL of registered clients
Meant to simplify configuration, since TTL vs ignoring expiration is
expected to be the main thing one would want to configure.
Unsure what the implications of having unlimited lifetime of clients
are, given no way to revoke them currently, short of rotating the
signing secret.
On one hand, it would be annoying to have the client expire.
On the other hand, it is trivial to re-register it.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 04 May 2023 18:41:33 +0200 |
| parents | 644b2f2b9b52 |
| children | 2a11f590c5c8 |
comparison
equal
deleted
inserted
replaced
| 5415:f8797e3284ff | 5416:2393dbae51ed |
|---|---|
| 96 | 96 |
| 97 To allow users to connect any compatible software, you should enable dynamic | 97 To allow users to connect any compatible software, you should enable dynamic |
| 98 client registration. | 98 client registration. |
| 99 | 99 |
| 100 Dynamic client registration can be enabled by configuring a JWT key. Algorithm | 100 Dynamic client registration can be enabled by configuring a JWT key. Algorithm |
| 101 defaults to *HS256*. | 101 defaults to *HS256* lifetime defaults to forever. |
| 102 | 102 |
| 103 ```lua | 103 ```lua |
| 104 oauth2_registration_key = "securely generated JWT key here" | 104 oauth2_registration_key = "securely generated JWT key here" |
| 105 oauth2_registration_algorithm = "HS256" | 105 oauth2_registration_algorithm = "HS256" |
| 106 oauth2_registration_options = { default_ttl = 60 * 60 * 24 * 90 } | 106 oauth2_registration_ttl = nil -- unlimited by default |
| 107 ``` | 107 ``` |
| 108 | 108 |
| 109 ### Supported flows | 109 ### Supported flows |
| 110 | 110 |
| 111 Various flows can be disabled and enabled with | 111 Various flows can be disabled and enabled with |