Mercurial > prosody-modules
diff mod_auth_oauth_external/README.md @ 5345:3390bb2f9f6c
mod_auth_oauth_external: Support PLAIN via resource owner password grant
Might not be supported by the backend but PLAIN is the lowest common
denominator, so not having it would lock out a lot of clients.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 12:45:52 +0100 |
| parents | 0a6d2b79a8bf |
| children | d9bc8712a745 |
line wrap: on
line diff
--- a/mod_auth_oauth_external/README.md Thu Mar 16 12:45:22 2023 +0100 +++ b/mod_auth_oauth_external/README.md Thu Mar 16 12:45:52 2023 +0100 @@ -7,7 +7,7 @@ This module provides external authentication via an external [AOuth 2](https://datatracker.ietf.org/doc/html/rfc7628) authorization server and supports the [SASL OAUTHBEARER authentication][rfc7628] -mechanism. +mechanism as well as PLAIN for legacy clients (this is all of them). # How it works @@ -15,6 +15,9 @@ the Authorization server to validate them, returning info about the user back to Prosody. +Alternatively for legacy clients, Prosody receives the users username +and password and retrieves a token itself, then proceeds as above. + # Configuration `oauth_external_discovery_url` @@ -35,6 +38,21 @@ structure returned by the validation endpoint that contains the XMPP localpart. +## For SASL PLAIN + +`oauth_external_resource_owner_password` +: Boolean. Defaults to `true`. Whether to allow the *insecure* + resource owner password grant and SASL PLAIN. + +`oauth_external_token_endpoint` +: URL string. OAuth 2 [Token + Endpoint](https://www.rfc-editor.org/rfc/rfc6749#section-3.2) used + to retrieve token in order to then retrieve the username. + +`oauth_external_client_id` +: String. Client ID used to identify Prosody during the resource owner + password grant. + # Compatibility Version Status