Mercurial > prosody-modules

view mod_restrict_xmpp/README.markdown @ 5390:f2363e6d9a64

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Advertise the currently supported id_token signing algorithm This field is REQUIRED. The algorithm RS256 MUST be included, but isn't because we don't implement it, as that would require implementing a pile of additional cryptography and JWT stuff. Instead the id_token is signed using the client secret, which allows verification by the client, since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under Symmetric Signatures. OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that are not supported here, but that's okay because this is served from the RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
author Kim Alvefur <zash@zash.se>
date Sun, 30 Apr 2023 16:13:40 +0200
parents 459a4001c1d9
children 62654f523c6a
line wrap: on
line source

---
labels:
- Stage-Alpha
summary: XMPP-layer access control for Prosody
---

Introduction
============

This module enforces access policies using Prosody's new [roles and
permissions framework](https://prosody.im/doc/developers/permissions). It can
be used to grant restricted access to an XMPP account or services.

This module is still in its early stages, and prone to change. Feedback from
testers is welcome. At this early stage, it should not be solely relied upon
for account security purposes.

Configuration
=============

There is no configuration, apart from Prosody's normal roles and permissions
configuration.

Permissions
===========

`xmpp:federate`
: Communicate with other users and services on other hosts on the XMPP network
`xmpp:account:messages:read`
: Read incoming messages
`xmpp:account:messages:write`
: Send outgoing messages
`xmpp:account:presence:write`
: Update presence for the account
`xmpp:account:contacts:read`/`xmpp:account:contacts:write`
: Controls access to the contact list (roster)
`xmpp:account:bookmarks:read`/`xmpp:account:bookmarks:write`
: Controls access to the bookmarks (group chats list)
`xmpp:account:profile:read`/`xmpp:account:profile:write`
: Controls access to the user's profile (e.g. vCard/avatar)
`xmpp:account:omemo:read`/`xmpp:account:omemo:write`
: Controls access to the user's OMEMO data
`xmpp:account:blocklist:read`/`xmpp:account:blocklist:write`
: Controls access to the user's block list
`xmpp:account:disco:read`
: Controls access to the user's service discovery information

Compatibility
=============

Requires Prosody trunk 72f431b4dc2c (build 1444) or later.