view mod_auth_sql/README.markdown @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 4d73a1a6ba68
children
line wrap: on
line source

---
labels:
- 'Type-Auth'
- 'Stage-Stable'
summary: SQL Database authentication module
...

Introduction
============

Allow client authentication to be handled by an SQL database query.

Unlike mod\_storage\_sql (which is supplied with Prosody) this module
allows for custom schemas (though currently it is required to edit the
source).

Configuration
=============

As with all auth modules, there is no need to add this to
modules\_enabled. Simply add in the global section, or for the relevant
hosts:

        authentication = "sql"

This module reuses the database configuration of
[mod\_storage\_sql](http://prosody.im/doc/modules/mod_storage_sql) (the
'sql' option), which you can set even if you are not using SQL as
Prosody's primary storage backend.

The query is currently hardcoded in the module, so you will need to edit
the module to change it. The default query is compatible with jabberd2
DB schema.

Compatibility
=============

  ----- -------
  0.8   Works
  ----- -------