
mod_http_oauth2/README.markdown @ 5856:75dee6127829 draft

Merge upstream
author Trần H. Trung <xmpp:trần.h.trung@trung.fun>
date Tue, 06 Feb 2024 18:32:01 +0700
parent 5739:426c42c11f89
child 5882:761142ee0ff2
--- a/mod_http_oauth2/README.markdown	Tue Aug 29 23:51:17 2023 +0700
+++ b/mod_http_oauth2/README.markdown	Tue Feb 06 18:32:01 2024 +0700
@@ -11,7 +11,7 @@
 ## Introduction
 
 This module implements an [OAuth2](https://oauth.net/2/)/[OpenID Connect
-(OIDC)](https://openid.net/connect/) provider HTTP frontend on top of
+(OIDC)](https://openid.net/connect/) Authorization Server on top of
 Prosody's usual internal authentication backend.
 
 OAuth and OIDC are web standards that allow you to provide clients and
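Review bot: The wording change on the `+` line ("Authorization Server" replacing "provider HTTP frontend") uses the precise RFC 6749 role name, but this hunk only touches the one sentence; make sure the rest of the README, which this diff does not show, no longer describes the module as a "provider HTTP frontend" so that the terminology is consistent, and consider capitalising "Authorization Server" only if the README already treats it as a proper noun elsewhere.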
@@ -51,6 +51,7 @@
 - [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html)
 - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628)
 - [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://www.rfc-editor.org/rfc/rfc7636)
+- [RFC 7662: OAuth 2.0 Token Introspection](https://www.rfc-editor.org/rfc/rfc7662)
 - [RFC 8628: OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628)
 - [RFC 9207: OAuth 2.0 Authorization Server Issuer Identification](https://www.rfc-editor.org/rfc/rfc9207.html)
 - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
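Review bot: Adding RFC 7662 to the supported-standards list is not matched by any documentation change elsewhere in this diff describing the introspection endpoint, so the README now claims support for a feature it does not explain. Please add a short section stating the endpoint path and, above all, which callers are allowed to query it: RFC 7662 section 2.1 requires the server to authorise introspection requests, otherwise the endpoint becomes an oracle for guessing or validating leaked tokens.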
@@ -78,15 +79,6 @@
 oauth2_template_path = "/etc/prosody/custom-oauth2-templates"
 ```
 
-Some templates support additional variables, that can be provided by the
-`oauth2_template_style` option:
-
-```lua
-oauth2_template_style = {
-  background_colour = "#ffffff";
-}
-```
-
 If you know what features your templates use use you can adjust the
 `Content-Security-Policy` header to only allow what is needed:
 
@@ -232,10 +224,10 @@
 ```
 
 The [Proof Key for Code Exchange][RFC 7636] mitigation method is
-optional by default but can be made required:
+required by default but can be made optional:
 
 ```lua
-oauth2_require_code_challenge = true -- default is false
+oauth2_require_code_challenge = false -- default is true
 ```
 
 Further, individual challenge methods can be enabled or disabled:
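Review bot: Flipping the default of `oauth2_require_code_challenge` from `false` to `true` is the right hardening for public clients, but it is a behaviour change that will break any existing client that does not send a `code_challenge`, and the `+` lines only describe the new default without saying it changed. Add an explicit upgrade note next to this paragraph (for example "Since <version> PKCE is required by default; set `oauth2_require_code_challenge = false` only while migrating legacy clients") so operators upgrading the module understand why authorization requests start failing.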
@@ -243,7 +235,7 @@
 ```lua
 -- These reflects the default
 allowed_oauth2_code_challenge_methods = {
-    "plain"; -- the insecure one
+    -- "plain"; -- insecure but backwards-compatible
     "S256";
 }
 ```
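Review bot: The block is introduced by "These reflects the default", yet the `+` line turns `"plain"` into a comment, so the snippet now shows a commented-out entry inside what is supposed to be the default value; a reader can reasonably be unsure whether the default is `{ "S256" }` or still includes `"plain"`. Suggest listing only `"S256";` in the default block and adding a separate sentence such as "To accept the insecure `plain` method for legacy clients, add `"plain"` to this list", and correct the unchanged context line to "This reflects the default".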