prosody-modules
0a6d2b79a8bf
mod_auth_oauth_external/README.md
Software / code / prosody-modules
Comparison
mod_auth_oauth_external/README.md @ 5344:0a6d2b79a8bf
mod_auth_oauth_external: Authenticate against an OAuth 2 provider
But suddenly unsure whether this constitutes an OAuth "client" or
something else? Resource server maybe?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 12:45:22 +0100 |
| child | 5345:3390bb2f9f6c |
comparison
equal
deleted
inserted
replaced
| 5343:5c1c70e52635 | 5344:0a6d2b79a8bf |
|---|---|
| 1 --- | |
| 2 summary: Authenticate against an external OAuth 2 IdP | |
| 3 labels: | |
| 4 - Stage-Alpha | |
| 5 --- | |
| 6 | |
| 7 This module provides external authentication via an external [AOuth | |
| 8 2](https://datatracker.ietf.org/doc/html/rfc7628) authorization server | |
| 9 and supports the [SASL OAUTHBEARER authentication][rfc7628] | |
| 10 mechanism. | |
| 11 | |
| 12 # How it works | |
| 13 | |
| 14 Clients retrieve tokens somehow, then show them to Prosody, which asks | |
| 15 the Authorization server to validate them, returning info about the user | |
| 16 back to Prosody. | |
| 17 | |
| 18 # Configuration | |
| 19 | |
| 20 `oauth_external_discovery_url` | |
| 21 : Optional URL string pointing to [OAuth 2.0 Authorization Server | |
| 22 Metadata](https://oauth.net/2/authorization-server-metadata/). Lets | |
| 23 clients discover where they should retrieve access tokens from if | |
| 24 they don't have one yet. | |
| 25 | |
| 26 `oauth_external_validation_endpoint` | |
| 27 : URL string. The token validation endpoint, should validate the token | |
| 28 and return a JSON structure containing the username of the user | |
| 29 logging in the field specified by `oauth_external_username_field`. | |
| 30 Commonly the [OpenID `UserInfo` | |
| 31 endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) | |
| 32 | |
| 33 `oauth_external_username_field` | |
| 34 : String. Default is `"preferred_username"`. Field in the JSON | |
| 35 structure returned by the validation endpoint that contains the XMPP | |
| 36 localpart. | |
| 37 | |
| 38 # Compatibility | |
| 39 | |
| 40 Version Status | |
| 41 --------- --------------- | |
| 42 trunk works | |
| 43 0.12.x does not work | |
| 44 0.11.x does not work |
