mod_http_oauth2: Implement stateless dynamic client registration Replaces previous explicit registration that required either the additional module mod_adhoc_oauth2_client or manually editing the database. That method was enough to have something to test with, but would not probably not scale easily. Dynamic client registration allows creating clients on the fly, which may be even easier in theory. In order to not allow basically unauthenticated writes to the database, we implement a stateless model here. per_host_key := HMAC(config -> oauth2_registration_key, hostname) client_id := JWT { client metadata } signed with per_host_key client_secret := HMAC(per_host_key, client_id) This should ensure everything we need to know is part of the client_id, allowing redirects etc to be validated, and the client_secret can be validated with only the client_id and the per_host_key. A nonce injected into the client_id JWT should ensure nobody can submit the same client metadata and retrieve the same client_secret

---
labels:
- 'Stage-Beta'
summary: "Automatically register new MUC participants as members"
...

# Introduction

This module automatically makes anybody who joins a MUC become a registered
member. This can be useful for certain use cases.

Note: there is no automatic cleanup of members. If you enable this on a server
with busy public channels, your member list will perpetually increase in size.

Also, there is currently no per-room option for this behaviour. That may be
added in the future, along with membership expiry.

# Configuration

There is currently no configuration for this module. The module should be
enabled on your MUC component, i.e. in the modules_enabled option under your
Component:

``` {.lua}
Component "conference.example.com" "muc"
    modules_enabled = {
        "muc_auto_member";
    }
```

# Compatibility

0.12 and later.