Mercurial > prosody-modules
comparison mod_http_oauth2/README.markdown @ 5383:df11a2cbc7b7
mod_http_oauth2: Implement RFC 7628 Proof Key for Code Exchange
Likely to become mandatory in OAuth 2.1.
Backwards compatible since the default 'plain' verifier would compare
nil with nil if the relevant parameters are left out.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 29 Apr 2023 13:09:46 +0200 |
| parents | dd8616e68cb3 |
| children | b40f29ec391a |
comparison
equal
deleted
inserted
replaced
| 5382:12498c0d705f | 5383:df11a2cbc7b7 |
|---|---|
| 44 | 44 |
| 45 Notable supported standards: | 45 Notable supported standards: |
| 46 | 46 |
| 47 - [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749) | 47 - [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749) |
| 48 - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628) | 48 - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628) |
| 49 - [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://www.rfc-editor.org/rfc/rfc7636) | |
| 49 - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) | 50 - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) |
| 50 - [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) & [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html) | 51 - [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) & [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html) |
| 51 - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) | 52 - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) |
| 52 | 53 |
| 53 ## Configuration | 54 ## Configuration |
| 119 "code"; -- authorization code flow | 120 "code"; -- authorization code flow |
| 120 -- "token"; -- implicit flow disabled by default | 121 -- "token"; -- implicit flow disabled by default |
| 121 } | 122 } |
| 122 ``` | 123 ``` |
| 123 | 124 |
| 125 The [Proof Key for Code Exchange][RFC 7636] mitigation method can be | |
| 126 made required: | |
| 127 | |
| 128 ```lua | |
| 129 oauth2_require_code_challenge = true | |
| 130 ``` | |
| 131 | |
| 124 ## Deployment notes | 132 ## Deployment notes |
| 125 | 133 |
| 126 ### Access management | 134 ### Access management |
| 127 | 135 |
| 128 This module does not provide an interface for users to manage what they have | 136 This module does not provide an interface for users to manage what they have |