Mercurial > prosody-modules
changeset 5858:761142ee0ff2
mod_http_oauth2: Reflect changes to defaults etc
- Resource owner password grant was disabled by default
- Tokens now include a hash of client_id making it possible to be
  reasonably sure that they were issued to a particular client
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 05 Mar 2024 00:32:00 +0100 |
parents | ff90dad75352 |
children | 259ffdbf8906 |
files | mod_http_oauth2/README.markdown mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 2 files changed, 4 insertions(+), 4 deletions(-) |
--- a/mod_http_oauth2/README.markdown Sun Mar 03 18:06:47 2024 +0000 +++ b/mod_http_oauth2/README.markdown Tue Mar 05 00:32:00 2024 +0100 @@ -102,7 +102,7 @@ client registration. Dynamic client registration can be enabled by configuring a JWT key. Algorithm -defaults to *HS256* lifetime defaults to forever. +defaults to *HS256*, lifetime defaults to forever. ```lua oauth2_registration_key = "securely generated JWT key here" @@ -202,7 +202,7 @@ - Authorization Code grant, optionally with Proof Key for Code Exchange - Device Authorization Grant -- Resource owner password grant *(likely to be phased out in the future)* +- Resource owner password grant *(disabled by default)* - Implicit flow *(disabled by default)* - Refresh Token grants @@ -214,7 +214,7 @@ allowed_oauth2_grant_types = { "authorization_code"; -- authorization code grant "device_code"; - "password"; -- resource owner password grant + -- "password"; -- resource owner password grant disabled by default } allowed_oauth2_response_types = {
--- a/mod_http_oauth2/mod_http_oauth2.lua Sun Mar 03 18:06:47 2024 +0000 +++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 05 00:32:00 2024 +0100 @@ -1128,7 +1128,7 @@ headers = { content_type = "application/json" }; body = json.encode { active = true; - client_id = credentials.username; -- We don't really know for sure + client_id = credentials.username; -- Verified via client hash username = jid.node(token_info.jid); scope = token_info.grant.data.oauth2_scopes; token_type = purpose_map[token_info.purpose];
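Review bot: In the README.markdown hunk at @@ -202, replacing *(likely to be phased out in the future)* with *(disabled by default)* drops the deprecation signal for the resource owner password grant. If the phase-out is still intended, keep both, for example *(disabled by default, likely to be phased out in the future)*, so an operator who re-enables the grant knows it may go away. The commit message also mentions that tokens now include a hash of client_id, but none of the README hunks in this changeset document that behaviour; a short sentence in the README would let deployers know what the introspection `client_id` is based on.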
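Review bot: In the mod_http_oauth2.lua hunk at @@ -1128, the new comment `-- Verified via client hash` claims more than the lines shown establish: `client_id` is still filled from `credentials.username`, and no comparison against the token's client hash appears in this hunk. The commit message itself only says "reasonably sure". Suggest having the comment name the function or earlier branch where the hash is compared, so someone auditing the introspection response can confirm that the check runs before `active = true` is returned, and softening "Verified" to match the commit message.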