Mercurial > prosody-modules
view mod_admin_web/admin_web/get_deps.sh @ 5682:527c747711f3
mod_http_oauth2: Limit revocation to clients own tokens in strict mode
RFC 7009 section 2.1 states:
> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.
The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af
It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 29 Oct 2023 11:30:49 +0100 |
| parents | 127d5452e4bb |
| children |
line wrap: on
line source
#!/bin/sh JQUERY_VERSION="1.10.2" STROPHE_VERSION="1.1.2" BOOTSTRAP_VERSION="1.4.0" ADHOC_COMMITISH="87bfedccdb91e2ff7cfb165e989e5259c155b513" cd www_files/js rm -f jquery-$JQUERY_VERSION.min.js wget http://code.jquery.com/jquery-$JQUERY_VERSION.min.js || exit 1 rm -f adhoc.js wget -O adhoc.js "http://git.babelmonkeys.de/?p=adhocweb.git;a=blob_plain;f=js/adhoc.js;hb=$ADHOC_COMMITISH" || exit 1 rm -f strophe.min.js wget https://raw.github.com/strophe/strophe.im/gh-pages/strophejs/downloads/strophejs-$STROPHE_VERSION.tar.gz && tar xzf strophejs-$STROPHE_VERSION.tar.gz strophejs-$STROPHE_VERSION/strophe.min.js && mv strophejs-$STROPHE_VERSION/strophe.min.js . && rm -r strophejs-$STROPHE_VERSION strophejs-$STROPHE_VERSION.tar.gz || exit 1 cd ../css rm -f bootstrap-$BOOTSTRAP_VERSION.min.css wget https://raw.github.com/twbs/bootstrap/v$BOOTSTRAP_VERSION/bootstrap.min.css -O bootstrap-$BOOTSTRAP_VERSION.min.css || exit 1