Software / code / prosody-modules
Annotate
mod_oidc_userinfo_vcard4/README.md @ 5666:73c3d5bfce3e
mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt
If the OIDC 'prompt' parameter does not contain the 'select_account'
then it wants us to skip account selection, which means we have to
figure which account to authenticate somehow. One way could be have
this stored in a cookie from a previous successful login. Another way
would be to have the account passed as a hint, which is what we add
here.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 09 Sep 2023 21:42:24 +0200 |
| parent | 5503:320593cf7d90 |
| rev | line source |
|---|---|
|
5350
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 summary: OIDC UserInfo profile details from vcard4 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 labels: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 - Stage-Alpha |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 rockspec: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 dependencies: |
|
5503
320593cf7d90
mod_oidc_userinfo_vcard4: Advertise OpenID scopes via new mechanism
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
7 - mod_http_oauth2 >= 200 |
|
5350
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 This module extracts profile details from the user's [vcard4][XEP-0292] |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 and provides them in the [UserInfo] endpoint of [mod_http_oauth2] to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 clients the user grants authorization. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 Whether this is really needed is unclear at this point. When logging in |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 with an XMPP client, it could fetch the actual vcard4 to retrieve these |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 details, so the UserInfo details would probably primarily be useful to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 other OAuth 2 and OIDC clients. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 [UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse |
