Mercurial > prosody-modules

view mod_http_oauth2/README.markdown @ 5202:b81fd0d22c66

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Calculate client secret expiry in registration response Not actually the client_secret that expires, but the client_id JWT. Returning '0' indicating no expiry was incorrect unless JWT expiry is turned off, which we check for now.
author Kim Alvefur <zash@zash.se>
date Sat, 04 Mar 2023 17:06:47 +0100
parents 164a9875935b
children 3235b8bd1e55
line wrap: on
line source

---
labels:
- Stage-Alpha
summary: 'OAuth2 API'
...

Introduction
============

This module is a work-in-progress intended for developers only!

Configuration
=============

Dynamic client registration enabled by configuring a JWT key. Algorithm
defaults to *HS256*.

```lua
oauth2_registration_key = "securely generated JWT key here"
oauth2_registration_algorithm = "HS256"
oauth2_registration_options = { default_ttl = 60 * 60 * 24 * 90 }
```

Various flows can be disabled and enabled with
`allowed_oauth2_grant_types` and `allowed_oauth2_response_types`:

```lua
allowed_oauth2_grant_types = {
	"authorization_code"; -- authorization code grant
	"password"; -- resource owner password grant
}

allowed_oauth2_response_types = {
	"code"; -- authorization code flow
    -- "token"; -- implicit flow disabled by default
}
```


Compatibility
=============

Requires Prosody 0.12+ or trunk.