view mod_compat_dialback/README.markdown @ 5617:d8622797e315

mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.
author Kim Alvefur <zash@zash.se>
date Mon, 24 Jul 2023 01:30:14 +0200
parents 41ebdb331b94
children
line wrap: on
line source

---
summary: Workaround for Dialback with some servers that violate RFC 6120
...

This module provides a workaround for servers that do not set the `to`
attribute on stream headers, which is required per [RFC6120]:

> ## 4.7.2. to
> 
> For initial stream headers in both client-to-server and
> server-to-server communication, the initiating entity MUST include the
> 'to' attribute and MUST set its value to a domainpart that the
> initiating entity knows or expects the receiving entity to service.

As a side effect of [this issue](https://prosody.im/issues/issue/285),
Prosody 0.10 will be unable to do [Dialback][xep220] with servers that
don't follow this.

# Known servers affected

* Openfire 3.10.2 (and probably earlier versions)