Software / code / prosody-modules
Annotate
mod_oidc_userinfo_vcard4/README.md @ 5405:c7a5caad28ef
mod_http_oauth2: Enforce response type encoded in client_id
The client promises to only use this response type, so we should hold
them to that.
This makes it fail earlier if the response type is disabled or the
client is trying to use one that it promised not to use. Better than
failing after login and consent.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:31:25 +0200 |
| parent | 5350:f8ec43db580b |
| child | 5503:320593cf7d90 |
| rev | line source |
|---|---|
|
5350
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 summary: OIDC UserInfo profile details from vcard4 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 labels: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 - Stage-Alpha |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 rockspec: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 dependencies: |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 - mod_http_oauth2 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 --- |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 This module extracts profile details from the user's [vcard4][XEP-0292] |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 and provides them in the [UserInfo] endpoint of [mod_http_oauth2] to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 clients the user grants authorization. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 Whether this is really needed is unclear at this point. When logging in |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 with an XMPP client, it could fetch the actual vcard4 to retrieve these |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 details, so the UserInfo details would probably primarily be useful to |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 other OAuth 2 and OIDC clients. |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
f8ec43db580b
mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 [UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse |
