Mercurial > prosody-modules
view mod_s2s_auth_posh/README.markdown @ 5643:73c3d5bfce3e
mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt
If the OIDC 'prompt' parameter does not contain the 'select_account'
then it wants us to skip account selection, which means we have to
figure which account to authenticate somehow. One way could be have
this stored in a cookie from a previous successful login. Another way
would be to have the account passed as a hint, which is what we add
here.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 09 Sep 2023 21:42:24 +0200 |
| parents | 517c7f0333e3 |
| children |
line wrap: on
line source
--- labels: - 'Type-S2SAuth' --- Introduction ============ [PKIX over Secure HTTP (POSH)][rfc7711] describes a method of securely delegating a domain to a hosting provider, without that hosting provider needing keys and certificates covering the hosted domain. # Validating This module performs POSH validation of other servers. It is *not* needed to delegate your own domain. # Delegation You can generate the JSON delegation file from a certificate by running `prosodyctl mod_s2s_auth_posh /path/to/example.crt`. This file needs to be served at `https://example.com/.well-known/posh/xmpp-server.json`.