view mod_jsxc/templates/template.html @ 5682:527c747711f3

mod_http_oauth2: Limit revocation to client's own tokens in strict mode

RFC 7009 section 2.1 states:

> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.

The first part was already covered (in strict mode). This adds the latter
part using the hash of client_id recorded in 0860497152af.

It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 3a5fbb6c61b3
children

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
{header_style#
<link rel="stylesheet" type="text/css" media="screen" href="{item}"/>}
{header_scripts#
<script charset="utf-8" src="{item}"></script>}
<title>{service_name?Prosody IM and JSXC}</title>
{header_tags#
{item!}}
</head>
<body>
	<form id="jsxc_login_form" action="javascript:">
		<dl>
			<dt><label for="jsxc_username">Username</label></dt>
			<dd><input id="jsxc_username" name="username" placeholder="Alice"/></dd>
			<dt><label for="jsxc_password">Password</label></dt>
			<dd><input id="jsxc_password" name="password" type="password"/></dd>
		</dl>
		<button type="submit">Login</button>
	</form>

<script>{jsxcjs.startup.script!}</script>
</body>
</html>