view mod_sasl_ssdp/README.markdown @ 5796:93d6e9026c1b
mod_http_oauth2: Do not enforce PKCE on Device and OOB flows
PKCE does not appear to be used with the Device flow. I have found no
mention of any interaction between those standards. Since no data is
delivered via redirects in these cases, PKCE may not serve any purpose.
This is mostly a problem because we reuse the authorization code to
implement the Device and OOB flows.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 15 Dec 2023 12:10:07 +0100 |
parents | 3a7349aa95c7 |
children | 61bee1be6db3 |
---
labels:
- 'Stage-Alpha'
summary: 'XEP-0474: SASL SCRAM Downgrade Protection'
...

Introduction
============

This module implements the experimental XEP-0474: SASL SCRAM Downgrade
Protection. It provides an alternative downgrade protection mechanism to
client-side pinning which is currently the most common method of downgrade
protection.

**Note:** This module implements version 0.3.0 of XEP-0474. As of 2023-12-05,
this version is not yet published on xmpp.org. Version 0.3.0 of the XEP is
implemented in Monal 6.0.1. No other clients are currently known to implement
the XEP at the time of writing.

# Configuration

There are no configuration options for this module, just load it as normal.

# Compatibility

For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community
module.

For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or
later. It is not compatible with Prosody 0.12 (it will load, but simply won't
do anything) for "legacy SASL".