Mercurial > prosody-modules
view mod_audit_tokens/mod_audit_tokens.lua @ 5796:93d6e9026c1b
mod_http_oauth2: Do not enforce PKCE on Device and OOB flows
PKCE does not appear to be used with the Device flow. I have found no
mention of any interaction between those standards. Since no data is
delivered via redirects in these cases, PKCE may not serve any purpose.
This is mostly a problem because we reuse the authorization code to
implement the Device and OOB flows.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 15 Dec 2023 12:10:07 +0100 |
| parents | c89077b4f46e |
| children |
line wrap: on
line source
local jid = require"util.jid"; module:depends("audit"); -- luacheck: read globals module.audit module:hook("token-grant-created", function(event) module:audit(jid.join(event.username, event.host), "token-grant-created", { }); end) module:hook("token-grant-revoked", function(event) module:audit(jid.join(event.username, event.host), "token-grant-revoked", { }); end) module:hook("token-revoked", function(event) module:audit(jid.join(event.username, event.host), "token-revoked", { }); end)