Software / code / prosody-modules
Annotate
mod_s2s_keepalive/README.markdown @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parent | 3768:bfc4d495bf2c |
| rev | line source |
|---|---|
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
1 --- |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
2 summary: Keepalive s2s connections |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
3 ... |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
4 |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
5 Introduction |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
6 ============ |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
7 |
|
2162
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
8 This module periodically sends [XEP-0199] ping requests to remote servers |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
9 to keep your connection alive. |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
10 |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
11 Configuration |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
12 ============= |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
13 |
|
3065
49254b9cc751
mod_s2s_keepalive/README: Clarify options (fixes #675)
Kim Alvefur <zash@zash.se>
parents:
2162
diff
changeset
|
14 Simply add the module to the `modules_enabled` list like any other |
|
49254b9cc751
mod_s2s_keepalive/README: Clarify options (fixes #675)
Kim Alvefur <zash@zash.se>
parents:
2162
diff
changeset
|
15 module. By default, all current s2s connections will be pinged |
|
49254b9cc751
mod_s2s_keepalive/README: Clarify options (fixes #675)
Kim Alvefur <zash@zash.se>
parents:
2162
diff
changeset
|
16 periodically. To ping only a subset of servers, list these in |
|
49254b9cc751
mod_s2s_keepalive/README: Clarify options (fixes #675)
Kim Alvefur <zash@zash.se>
parents:
2162
diff
changeset
|
17 `keepalive_servers`. The ping interval can be set using |
|
49254b9cc751
mod_s2s_keepalive/README: Clarify options (fixes #675)
Kim Alvefur <zash@zash.se>
parents:
2162
diff
changeset
|
18 `keepalive_interval`. |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
19 |
|
3768
bfc4d495bf2c
mod_s2s_keepalive: Update README to document timeout behavior
Kim Alvefur <zash@zash.se>
parents:
3767
diff
changeset
|
20 If no response to the ping has been received in about 10 minutes (or |
|
bfc4d495bf2c
mod_s2s_keepalive: Update README to document timeout behavior
Kim Alvefur <zash@zash.se>
parents:
3767
diff
changeset
|
21 `keepalive_timeout` seconds) the s2s connections are closed. |
|
bfc4d495bf2c
mod_s2s_keepalive: Update README to document timeout behavior
Kim Alvefur <zash@zash.se>
parents:
3767
diff
changeset
|
22 |
|
2162
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
23 ``` lua |
|
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
24 modules_enabled = { |
|
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
25 ... |
|
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
26 "s2s_keepalive" |
|
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
27 } |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
28 |
|
2162
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
29 keepalive_servers = { "conference.prosody.im"; "rooms.swift.im" } |
|
3767
7fe10086e124
mod_s2s_keepalive: Update config example (why was the number a string?)
Kim Alvefur <zash@zash.se>
parents:
3729
diff
changeset
|
30 keepalive_interval = 90 -- (in seconds, default is 60 ) |
|
3768
bfc4d495bf2c
mod_s2s_keepalive: Update README to document timeout behavior
Kim Alvefur <zash@zash.se>
parents:
3767
diff
changeset
|
31 keepalive_timeout = 300 -- (in seconds, default is 593 ) |
|
2162
f1ea8044f9f8
mod_s2s_keepalive/README: Give language hints to rendering for syntax hilighting
Kim Alvefur <zash@zash.se>
parents:
1902
diff
changeset
|
32 ``` |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
33 |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
34 Compatibility |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
35 ============= |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
36 |
|
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
37 ------- ----------------------- |
|
3729
75299ac7e258
mod_s2s_keepalive: Add 0.11 in Compatibility table
Kim Alvefur <zash@zash.se>
parents:
3723
diff
changeset
|
38 0.11 Works |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
39 0.10 Works |
|
1902
6e712ce58edf
mod_s2s_keepalive/README: Update to say it works with 0.8
Kim Alvefur <zash@zash.se>
parents:
1901
diff
changeset
|
40 0.9 Works |
|
1901
392e62f518a5
mod_s2s_keepalive: Add README
Michael Töglhofer <michael@toeglhofer.net>
parents:
diff
changeset
|
41 ------- ----------------------- |
