mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.

---
labels:
- 'Stage-Beta'
summary: Sequential MOTD messages
...

Introduction
============

mod\_motd\_sequential is a variant of
[mod\_motd](https://prosody.im/doc/modules/mod_motd) that lets you
specify a sequence of MOTD messages instead of a single static one. Each
message is only sent once and the module keeps track of who as seen
which message.

Configuration
=============

``` lua
modules_enabled = {
  -- other modules
    "motd_sequential";
}
motd_sequential_messages = {
  "Hello and welcome to our service!", -- First login
  "Lorem ipsum dolor sit amet", -- Second time they login
  -- Add more messages here.
}
```