view mod_authz_delegate/README.md @ 5550:4fda06be6b08

mod_http_oauth2: Make note about handling repeated RFC 6749 states > If an authorization code is used more than once, the authorization > server MUST deny the request and SHOULD revoke (when possible) all > tokens previously issued based on that authorization code. We should follow the SHOULD. The MUST is already covered by removing the code state from the cache.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jun 2023 00:10:46 +0200
parents f61564b522f7
children
line wrap: on
line source

---
summary: Authorization delegation
rockspec: {}
...

This module allows delegating authorization questions (role assignment and
role policies) to another host within prosody.

The primary use of this is for a group of virtual hosts to use a common
authorization database, for example to allow a MUC component to grant
administrative access to an admin on a corresponding user virtual host.

## Configuration

The following example will make all role assignments for local and remote JIDs
from domain.example effective on groups.domain.example:

```
VirtualHost "domain.example"

Component "groups.domain.example" "muc"
    authorization = "delegate"
    authz_delegate_to = "domain.example"
```