comparison mod_http_oauth2/README.markdown @ 5383:df11a2cbc7b7

mod_http_oauth2: Implement RFC 7628 Proof Key for Code Exchange Likely to become mandatory in OAuth 2.1. Backwards compatible since the default 'plain' verifier would compare nil with nil if the relevant parameters are left out.
author Kim Alvefur <zash@zash.se>
date Sat, 29 Apr 2023 13:09:46 +0200
parents dd8616e68cb3
children b40f29ec391a
5382:12498c0d705f 5383:df11a2cbc7b7
44 44
45 Notable supported standards: 45 Notable supported standards:
46 46
47 - [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749) 47 - [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749)
48 - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628) 48 - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628)
49 - [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://www.rfc-editor.org/rfc/rfc7636)
49 - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) 50 - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
50 - [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) & [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html) 51 - [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) & [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html)
51 - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) 52 - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html)
52 53
53 ## Configuration 54 ## Configuration
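Review bot: the new list entry (line 49, right side) correctly links RFC 7636 for Proof Key for Code Exchange, but the commit message above says "RFC 7628", which is the SASL OAuth mechanisms RFC already listed on the previous line; the README is right, so the commit summary should read RFC 7636 to avoid sending readers of the changelog to the wrong document.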
119 "code"; -- authorization code flow 120 "code"; -- authorization code flow
120 -- "token"; -- implicit flow disabled by default 121 -- "token"; -- implicit flow disabled by default
121 } 122 }
122 ``` 123 ```
123 124
125 The [Proof Key for Code Exchange][RFC 7636] mitigation method can be
126 made required:
127
128 ```lua
129 oauth2_require_code_challenge = true
130 ```
131
124 ## Deployment notes 132 ## Deployment notes
125 133
126 ### Access management 134 ### Access management
127 135
128 This module does not provide an interface for users to manage what they have 136 This module does not provide an interface for users to manage what they have
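Review bot: the new paragraph (lines 125-126, right side) uses a reference-style link `[Proof Key for Code Exchange][RFC 7636]`, but no `[RFC 7636]: https://www.rfc-editor.org/rfc/rfc7636` definition is visible in this hunk; unless one already exists elsewhere in the README the text will render with literal brackets, so either add the definition or use the inline form already used in the standards list. The snippet also states only that the check "can be made required" without saying what the default is; since the commit message explains that the default verifier accepts requests that omit the PKCE parameters, one sentence such as "Defaults to `false`; when unset, clients that send no `code_challenge` are still accepted" would tell operators what they get out of the box and why they might want to turn it on.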