Mercurial > prosody-modules

view mod_register_redirect/README.markdown @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 2023cba9ead0
children 372b6c4bf409
line wrap: on
line source

---
labels:
- 'Stage-Stable'
summary: 'XEP-077 IBR Registration Redirect.'
...

Introduction
------------

Registration Redirect as explained in the [IBR
XEP](http://xmpp.org/extensions/xep-0077.html#redirect).

Details
-------

This module shows instructions on how to register to the server, should
it be necessary to perform it through other means Out-Of-Band or not,
and also let's registrations origining from ip addresses in the
whitelist to go through normally.

Usage
-----

Copy the module file into your Prosody modules directory.

The module will work "out of the box" as long as at least an admin entry
is specified (see admins = {} option into prosody's documentation).These
are the optional parameters you can specify into your global
server/hostname configuration:

    registration_whitelist = { "*your whitelisted web server ip address*" }
    registrarion_url = "*your web registration page url*"
    registration_text = "Your custom instructions banner here"
    registration_oob = true (default) or false, in the case there's no applicable OOB method (e.g. the server admins needs to be contacted by phone)

To not employ any whitelisting (i.e. registration is handled
externally).

    no_registration_whitelist = true

Compatibility
-------------

  ------ --------------
  0.10   Works
  0.9    Works
  0.8    Works
  0.7    Might not work
  0.6    Doesn't work
  0.5    Doesn't work
  ------ --------------