Software /
code /
prosody-modules
Comparison
mod_http_oauth2/README.markdown @ 5467:1c78a97a1091
mod_http_oauth2: Add a special "xmpp" scope that grants the users' default role
This will be the first step towards defining a standard set of XMPP
scopes. "xmpp" behaves as an alias for the user's default role, so that
the client does not need to know about the various prosody:* roles.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 17 May 2023 19:40:27 +0200 |
parent | 5465:66e13e79928b |
child | 5493:cae3bb3dd45f |
comparison
equal
deleted
inserted
replaced
5466:398d936e77fb | 5467:1c78a97a1091 |
---|---|
163 | 163 |
164 ### Scopes | 164 ### Scopes |
165 | 165 |
166 OAuth supports "scopes" as a way to grant clients limited access. | 166 OAuth supports "scopes" as a way to grant clients limited access. |
167 | 167 |
168 There are currently no standard scopes defined for XMPP. This is something | 168 There are currently no standard scopes defined for XMPP. This is |
169 that we intend to change, e.g. by definitions provided in a future XEP. This | 169 something that we intend to change, e.g. by definitions provided in a |
170 means that clients you authorize currently have unrestricted access to your | 170 future XEP. This means that clients you authorize currently have to |
171 account (including the ability to change your password and lock you out!). So, | 171 choose between unrestricted access to your account (including the |
172 for now, while using OAuth clients can prevent leaking your password to them, | 172 ability to change your password and lock you out!) and zero access. So, |
173 it is not currently suitable for connecting untrusted clients to your account. | 173 for now, while using OAuth clients can prevent leaking your password to |
174 them, it is not currently suitable for connecting untrusted clients to | |
175 your account. | |
176 | |
177 As a first step, the `xmpp` scope is supported, and corresponds to | |
178 whatever permissions the user would have when logged in over XMPP. | |
179 | |
180 Further, known Prosody roles can be used as scopes. | |
181 | |
182 OpenID scopes such as `openid` and `profile` can be used for "Login | |
183 with XMPP" without granting access to more than limited profile details. | |
174 | 184 |
175 ## Compatibility | 185 ## Compatibility |
176 | 186 |
177 Requires Prosody trunk (April 2023), **not** compatible with Prosody 0.12 or | 187 Requires Prosody trunk (April 2023), **not** compatible with Prosody 0.12 or |
178 earlier. | 188 earlier. |