Mercurial > prosody-modules
view mod_adhoc_account_management/README.markdown @ 5448:9d542e86e19a
mod_http_oauth2: Allow requesting a subset of scopes on token refresh
This enables clients to request access tokens with fewer permissions
than the grant they were given, reducing impact of token leak. Clients
could e.g. request access tokens with some privileges and immediately
revoke them after use, or other strategies.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 11 May 2023 21:40:09 +0200 |
parents | 4d73a1a6ba68 |
children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' summary: Personal account management command ... Introduction ============ This module adds an ad-hoc command that lets an user change their password. This is useful for clients that don't have support for [XEP-0077](http://xmpp.org/extensions/xep-0077.html) style password changing. In the future, it may provide other account management commands. Configuration ============= modules_enabled = { -- other modules -- "adhoc_account_management", } close_sessions_on_password_change = true require_current_password = true require_confirm_password = true Option Default Description --------------------------------------- --------- ---------------------------------------------------------------- close\_sessions\_on\_password\_change true Changing password invalidates other sessions the user may have require\_current\_password true Add a field for the current password require\_confirm\_password true Add a field for confirming the current password Todo ==== Suggestions welcome,