Mercurial > prosody-modules
view mod_omemo_all_access/README.markdown @ 5425:3b30635d215c
mod_http_oauth2: Support granting zero role-scopes
It seems Very Bad that if you uncheck all roles on the consent page, you
get the default scopes, which seems the opposite of what you probably
intended. Currently, mod_tokenauth will do the same thing, so work is
needed there too to allow issuing tokens without roles.
A token without a role could be used for OIDC login, and not much else.
This seems like a valuable thing to support.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 19:29:15 +0200 |
| parents | b5f5d6bf703c |
| children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' summary: 'Disable access control for all OMEMO related PEP nodes' --- Introduction ============ Traditionally OMEMO encrypted messages could only be exchanged after gaining mutual presence subscription due to the OMEMO key material being stored in PEP. XEP-0060 defines a method of changing the access model of a PEP node from `presence` to `open`. However Prosody does not yet support access models on PEP nodes. This module disables access control for all OMEMO PEP nodes (=all nodes in the namespace of `eu.siacs.conversations.axolotl.*`), giving everyone access to the OMEMO key material and allowing them to start OMEMO sessions with users on this server. Disco feature ============= This modules annouces a disco feature on the account to allow external tools such as the [Compliance Tester](https://conversations.im/compliance/) to check if this module has been installed. Compatibility ============= ----- ----------------------------------------------------------------------------- trunk Not needed, mod\_pep provides this feature already 0.11 Not needed, mod\_pep provides this feature already 0.10 Works ----- -----------------------------------------------------------------------------