view mod_conversejs/templates/template.html @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents d3e926bf0c8a
children 1c8197075d04
line wrap: on
line source

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
{header_style#
<link rel="stylesheet" type="text/css" media="screen" href="{item}"/>}
{header_scripts#
<script charset="utf-8" src="{item}"></script>}
<title>{service_name?Prosody IM and Converse.js}</title>
{header_tags#
{item!}}
</head>
<body>
<noscript>
<h1>Converse.js</h1>
<p>I&apos;m sorry, but this XMPP client application won&apos;t work without JavaScript.</p>
<p>Perhaps you would like to try one of these clients:</p>
<dl>
<dt>Desktop</dt>
<dd><ul>
<li><a href="https://dino.im/">Dino</a></li>
<li><a href="https://gajim.org/">Gajim</a></li>
<li><a href="https://poez.io/">Poezio</a></li>
</ul></dd>
<dt>Mobile</dt>
<dd><ul>
<li><a href="https://github.com/siacs/Conversations">Conversations</a></li>
<li><a href="https://siskin.im/">Siskin</a></li>
<li><a href="https://yaxim.org/">Yaxim</a></li>
</ul></dd>
</dl>
<p><a href="https://xmpp.org/software/clients.html">More clients...</a></p>
</noscript>
<script>{conversejs.startup.script!}</script>
</body>
</html>