Software /
code /
prosody-modules
Annotate
mod_authz_delegate/README.md @ 5520:67448e677706
mod_http_oauth2/README: Expand summary to include OAuth 2.0 role
This module implements the Authorization Server parts of OAuth 2.0, so
having the summary say that seems sensible.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 07 Jun 2023 01:43:35 +0200 |
parent | 5288:f61564b522f7 |
rev | line source |
---|---|
5288
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 --- |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 summary: Authorization delegation |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
3 rockspec: {} |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
4 ... |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
5 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
6 This module allows delegating authorization questions (role assignment and |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
7 role policies) to another host within prosody. |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
8 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 The primary use of this is for a group of virtual hosts to use a common |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 authorization database, for example to allow a MUC component to grant |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
11 administrative access to an admin on a corresponding user virtual host. |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
12 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 ## Configuration |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 The following example will make all role assignments for local and remote JIDs |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
16 from domain.example effective on groups.domain.example: |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
17 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
18 ``` |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
19 VirtualHost "domain.example" |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
20 |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
21 Component "groups.domain.example" "muc" |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
22 authorization = "delegate" |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 authz_delegate_to = "domain.example" |
f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 ``` |