Software /
code /
prosody-modules
Diff
mod_http_oauth2/README.markdown @ 5384:b40f29ec391a
mod_http_oauth2: Allow configuring PKCE challenge methods
You'd pretty much only want this to disable the 'plain' method, since it
doesn't seem to add that much security?
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 29 Apr 2023 13:09:49 +0200 |
parent | 5383:df11a2cbc7b7 |
child | 5408:3989c57cc551 |
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown Sat Apr 29 13:09:46 2023 +0200 +++ b/mod_http_oauth2/README.markdown Sat Apr 29 13:09:49 2023 +0200 @@ -129,6 +129,15 @@ oauth2_require_code_challenge = true ``` +Further, individual challenge methods can be enabled or disabled: + +```lua +allowed_oauth2_code_challenge_methods = { + "plain"; -- the insecure one + "S256"; +} +``` + ## Deployment notes ### Access management