Mercurial > prosody-modules
diff mod_http_oauth2/README.markdown @ 5384:b40f29ec391a
mod_http_oauth2: Allow configuring PKCE challenge methods
You'd pretty much only want this to disable the 'plain' method, since it
doesn't seem to add that much security?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 29 Apr 2023 13:09:49 +0200 |
| parents | df11a2cbc7b7 |
| children | 3989c57cc551 |
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown Sat Apr 29 13:09:46 2023 +0200 +++ b/mod_http_oauth2/README.markdown Sat Apr 29 13:09:49 2023 +0200 @@ -129,6 +129,15 @@ oauth2_require_code_challenge = true ``` +Further, individual challenge methods can be enabled or disabled: + +```lua +allowed_oauth2_code_challenge_methods = { + "plain"; -- the insecure one + "S256"; +} +``` + ## Deployment notes ### Access management