mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.

This module lets you block connections to remote servers at the s2s
level.

``` {.lua}
modules_enabled = {
    -- other modules --
    "s2s_blacklist",

}
s2s_blacklist = {
    "proxy.eu.jabber.org",
}
```