view mod_audit_tokens/mod_audit_tokens.lua @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents c89077b4f46e
children
line wrap: on
line source

local jid = require"util.jid";

module:depends("audit");
-- luacheck: read globals module.audit

module:hook("token-grant-created", function(event)
	module:audit(jid.join(event.username, event.host), "token-grant-created", {
	});
end)

module:hook("token-grant-revoked", function(event)
	module:audit(jid.join(event.username, event.host), "token-grant-revoked", {
	});
end)

module:hook("token-revoked", function(event)
	module:audit(jid.join(event.username, event.host), "token-revoked", {
	});
end)