Annotate

mod_authz_delegate/README.md @ 5462:f6d8830a83fe

mod_http_oauth2: Return proper OAuth error for invalid redirect URI An unspecific status code of 400 isn't very helpful, this should at least provide a hint as to what is wrong.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 16:34:19 +0200
parent 5288:f61564b522f7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5288
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
1 ---
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
2 summary: Authorization delegation
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
3 rockspec: {}
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
4 ...
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
5
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
6 This module allows delegating authorization questions (role assignment and
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
7 role policies) to another host within prosody.
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
8
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
9 The primary use of this is for a group of virtual hosts to use a common
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
10 authorization database, for example to allow a MUC component to grant
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
11 administrative access to an admin on a corresponding user virtual host.
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
12
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
13 ## Configuration
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
14
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
15 The following example will make all role assignments for local and remote JIDs
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
16 from domain.example effective on groups.domain.example:
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
17
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
18 ```
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
19 VirtualHost "domain.example"
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
20
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
21 Component "groups.domain.example" "muc"
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
22 authorization = "delegate"
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
23 authz_delegate_to = "domain.example"
f61564b522f7 mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
24 ```