Mercurial > prosody-modules
view mod_devices/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | 4cf65afd90f4 |
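
The rotation described in the commit message above, as an added Python example that is not mod_http_oauth2's code. The class, its fields and the `client-a` id are constructed for illustration, and keeping a record of consumed tokens so that a replay can be logged is an assumption about how "noticed" could be implemented.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """In-memory model of one-time-use refresh tokens (constructed example)."""

    def __init__(self):
        self.active = {}        # sha256(token) -> client_id, still redeemable
        self.consumed = {}      # sha256(token) -> client_id, already redeemed
        self.reuse_events = []  # client_ids whose spent token was presented again

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked table does not contain usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, client_id):
        token = secrets.token_urlsafe(32)
        self.active[self._digest(token)] = client_id
        return token

    def refresh(self, presented):
        """Redeem a refresh token; return (access_token, new_refresh_token)."""
        key = self._digest(presented)
        client_id = self.active.pop(key, None)
        if client_id is None:
            if key in self.consumed:
                # A spent token came back: one of the two holders is not the
                # legitimate client. Record it so the grant can be reviewed.
                self.reuse_events.append(self.consumed[key])
            raise PermissionError("invalid_grant")
        self.consumed[key] = client_id
        return secrets.token_urlsafe(32), self.issue(client_id)


def replay_stale_token():
    """Two parties hold the same token; return (second_ok, reuse_events)."""
    store = RefreshTokenStore()
    shared = store.issue("client-a")  # constructed client id
    store.refresh(shared)             # first holder redeems, gets a new pair
    try:
        store.refresh(shared)         # second holder presents the stale copy
        second_ok = True
    except PermissionError:
        second_ok = False
    return second_ok, store.reuse_events
```

Whichever party redeems the shared token second is rejected, which covers both cases in the commit message: the attacker going first, or the legitimate client going first.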
---
labels:
- 'Stage-Alpha'
summary: 'Device identification'
...

Description
============

This is an experimental module that aims to identify the different devices (technically clients) that a user uses with their account. It is expected that at some point this will be backed by a nicer protocol, but it currently uses a variety of hacky methods to track devices between sessions.

Usage
=====

``` {.lua}
modules_enabled = {
    -- ...
    "devices",
    -- ...
}
```

Configuration
=============

Option summary
--------------

  option                         type                    default
  ------------------------------ ----------------------- -----------
  max\_user\_devices             number                  `5`

Compatibility
=============

  ------- -----------------------
  trunk   Works
  0.11    Works
  0.10    Does not work
  ------- -----------------------