Software / code / prosody-modules
Annotate
mod_invites_tracking/README.md @ 5623:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:56:08 +0200 |
| parent | 4394:32f1f18f4874 |
| rev | line source |
|---|---|
|
4394
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 --- |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 labels: |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
3 - 'Stage-Alpha' |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
4 summary: 'Store who created the invite to create a user account' |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
5 ... |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
6 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
7 Introduction |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
8 ============ |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 Invites are an intermediate way between opening registrations completely and |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
11 closing registrations completely. |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
12 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 By letting users invite other users to the server, an administrator exposes |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 themselves again to the risk of abuse. |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
16 To combat that abuse more effectively, this module allows to store (outside |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
17 of the user’s information) who created an invite which was used to create the |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
18 user’s account. |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
19 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
20 Details |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
21 ======= |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
22 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 Add to `modules_enabled`. |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
25 Caveats |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
26 ======= |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
27 |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
28 - The information is not deleted even when the associated user accounts are |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
29 deleted. |
|
32f1f18f4874
mod_invites_tracking: simple module to store who created an invite
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
30 - Currently, there is no way to make any use of that information. |
