Software / code / prosody-modules
Annotate
mod_welcome_page/README.markdown @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration
Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would not probably not scale easily.
Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.
In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.
per_host_key := HMAC(config -> oauth2_registration_key, hostname)
client_id := JWT { client metadata } signed with per_host_key
client_secret := HMAC(per_host_key, client_id)
This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.
A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 03 Mar 2023 21:14:19 +0100 |
| parent | 4605:ffb709728210 |
| child | 5481:03a647d2837e |
| rev | line source |
|---|---|
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 --- |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 labels: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 - 'Stage-Beta' |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 summary: 'Serve a welcome page to users' |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 rockspec: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 dependencies: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 - mod_invites |
|
4605
ffb709728210
mod_welcome_page: Add dependency on mod_http_libjs
Kim Alvefur <zash@zash.se>
parents:
4184
diff
changeset
|
8 - mod_http_libjs |
|
4184
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 build: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 copy_directories: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 - html |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 ... |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 Introduction |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 ============ |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 This module serves a welcome page to users, and allows them to create an |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 account invite via the web on invite-only servers. |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 The page template and policy of when to allow account creation are both |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 possible to override. |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 This module is part of the suite of modules that implement invite-based |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 account registration for Prosody. The other modules are: |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 - mod_invites |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 - mod_invites_adhoc |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 - mod_invites_page |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 - mod_invites_register |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 - mod_invites_register_web |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 - mod_register_apps |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 For details and a full overview, start with the mod_invites documentation. |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 Configuration |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 ======= |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 `welcome_page_template_path` |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 : The path to a directory containing the page templates and assets. See |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 the module source for the example template. |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 `welcome_page_variables` |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 : Optional variables to pass to the template, available as `{var.name}` |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 `welcome_page_open_registration` |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 : Whether to allow account creation in the absence of any other plugin |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 overriding the policy. Defaults to `false` unless `registration_invite_only` |
|
9127fa98ee1e
mod_welcome_page: New module to provide a friendly entrypoint to invite-based setups
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 is set to `false`. |
