Software /
code /
prosody-modules
Diff
mod_http_oauth2/README.markdown @ 5383:df11a2cbc7b7
mod_http_oauth2: Implement RFC 7628 Proof Key for Code Exchange
Likely to become mandatory in OAuth 2.1.
Backwards compatible since the default 'plain' verifier would compare
nil with nil if the relevant parameters are left out.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 29 Apr 2023 13:09:46 +0200 |
parent | 5328:dd8616e68cb3 |
child | 5384:b40f29ec391a |
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown Sat Apr 29 11:26:04 2023 +0200 +++ b/mod_http_oauth2/README.markdown Sat Apr 29 13:09:46 2023 +0200 @@ -46,6 +46,7 @@ - [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749) - [RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth](https://www.rfc-editor.org/rfc/rfc7628) +- [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://www.rfc-editor.org/rfc/rfc7636) - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) - [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) & [RFC 7591: OAuth 2.0 Dynamic Client Registration](https://www.rfc-editor.org/rfc/rfc7591.html) - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) @@ -121,6 +122,13 @@ } ``` +The [Proof Key for Code Exchange][RFC 7636] mitigation method can be +made required: + +```lua +oauth2_require_code_challenge = true +``` + ## Deployment notes ### Access management