Software /
code /
prosody-modules
File
mod_s2sout_override/README.md @ 5512:1fbc8718bed6
mod_http_oauth2: Bind refresh tokens to client
Prevent one OAuth client from using the refresh tokens issued to another
client as required by RFC 6819 section 5.2.2.2
See also draft-ietf-oauth-security-topics-22 section 2.2.2
Thanks to OAuch for pointing out this issue
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 02 Jun 2023 10:40:48 +0200 |
parent | 5487:6cf2f32dbf40 |
child | 5631:b87a23b45725 |
line wrap: on
line source
--- summary: Override s2s connection targets --- This module replaces [mod_s2soutinjection] and uses more modern and reliable methods for overriding connection targets. # Configuration Enable the module as usual, then specify a map of XMPP remote hostnames to URIs like `"tcp://host.example:port"`, to have Prosody connect there instead of doing normal DNS SRV resolution. Currently supported schemes are `tcp://` and `tls://`. A future version could support more methods including alternate SRV lookup targets or even UNIX sockets. URIs with IP addresses like `tcp://127.0.0.1:9999` will bypass A/AAAA DNS lookups. ```lua -- Global section modules_enabled = { -- other global modules "s2sout_override"; } s2sout_override = { ["example.com"] = "tcp://other.host.example:5299"; ["xmpp.example.net"] = "tcp://localhost:5999"; ["secure.example"] = = "tls://127.0.0.1:5270"; } ``` # Compatibility Prosody version status --------------- ---------- 0.12.4 Will work 0.12.3 Will not work 0.11 Will not work