Mercurial > prosody-modules

view mod_s2s_auth_fingerprint/README.markdown @ 5715:8488ebde5739

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parents 8de50be756e5
children
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
- 'Type-S2SAuth'
summary: Fingerprint based s2s authentication
...

Introduction
============

This module allows you to manually pin certificate fingerprints of
remote servers.

Details
=======

Servers not listed in the configuration are not affected.

Configuration
=============

After installing and enabling this module, you can put fingerprints of
remote servers in your config like this:

``` {.lua}
s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512"
s2s_trusted_fingerprints = {
    ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED";
    ["matthewwild.co.uk"] = {
        "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA";
        "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0";
    };
}

-- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too
s2s_secure_domains = {
    "jabber.org";
}
```

Compatibility
=============

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------