Mercurial > prosody-modules
comparison mod_http_oauth2/README.markdown @ 5384:b40f29ec391a
mod_http_oauth2: Allow configuring PKCE challenge methods
You'd pretty much only want this to disable the 'plain' method, since it
doesn't seem to add that much security?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 29 Apr 2023 13:09:49 +0200 |
| parents | df11a2cbc7b7 |
| children | 3989c57cc551 |
comparison
equal
deleted
inserted
replaced
| 5383:df11a2cbc7b7 | 5384:b40f29ec391a |
|---|---|
| 127 | 127 |
| 128 ```lua | 128 ```lua |
| 129 oauth2_require_code_challenge = true | 129 oauth2_require_code_challenge = true |
| 130 ``` | 130 ``` |
| 131 | 131 |
| 132 Further, individual challenge methods can be enabled or disabled: | |
| 133 | |
| 134 ```lua | |
| 135 allowed_oauth2_code_challenge_methods = { | |
| 136 "plain"; -- the insecure one | |
| 137 "S256"; | |
| 138 } | |
| 139 ``` | |
| 140 | |
| 132 ## Deployment notes | 141 ## Deployment notes |
| 133 | 142 |
| 134 ### Access management | 143 ### Access management |
| 135 | 144 |
| 136 This module does not provide an interface for users to manage what they have | 145 This module does not provide an interface for users to manage what they have |