Mercurial > prosody-modules
view mod_host_status_heartbeat/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parents | 3f75f892a41e |
| children | 694b62d8a82f |
line wrap: on
line source
--- labels: Stage-Beta summary: Host status heartbeat ... Introduction ============ This module integrates with [mod\_host\_status\_check] to provide heartbeats at regular intervals. The only time you will generally want this, is if you are using [mod\_component\_client] to run Prosody as an external component of another Prosody server that has [mod\_host\_status\_check] loaded and waiting for heartbeats. Alternatively you can run this on the same Prosody host as [mod\_http\_host\_status\_check] and it will simply update a variable periodically to indicate that Prosody and timers are functional. Configuration ============= The following configuration options are supported: ```{.lua} -- The number of seconds to wait between sending heartbeats status_check_heartbeat_interval = 5 -- Set this to "remote" (the default) if you are using mod_component_client -- and you want to send a heartbeat to a remote server. Otherwise -- set it to "local" to send to mod_host_status_check on the same server. status_check_heartbeat_mode = "remote" ``` Compatibility ============= Works with Prosody 0.9.x and later.