Mercurial > prosody-modules
view mod_poke_strangers/README.markdown @ 5617:d8622797e315
mod_http_oauth2: Shorten default token validity periods
With refresh tokens, short lifetime for access tokens is not a problem.
The arbitrary choice of one hour seems reasonable. RFC 6749 has it as
example value.
One week for refresh tokens matching the default archive retention
period. This means that a client that remains unused for one week will
have to sign in again. An actively used client will continually push
that forward with each used refresh token.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Jul 2023 01:30:14 +0200 |
| parents | 06faf7a149e3 |
| children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' summary: 'Query the features and version of JIDs sending messages to contacts they are not subscribed to.' ... Introduction ============ In order to build heuristics for which messages are spam, it is necessary to log as many details as possible about the spammers. This module sends a version and disco query whenever a message is received from a JID to a user it is not subscribed to. The results are printed to Prosody's log file at the 'info' level. Queried full JIDs are not queried again until Prosody restarts. The queries are sent regardless of whether the local user exists, so it does not reveal if an account is active. Compatibility ============= ----- ------- 0.9 Works ----- -------