mod_invites_page/README.markdown @ 5705:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode

RFC 7009 section 2.1 states:

> The authorization server first validates the client credentials (in
> case of a confidential client) and then verifies whether the token was
> issued to the client making the revocation request. If this
> validation fails, the request is refused and the client is informed of
> the error by the authorization server as described below.

The first part was already covered (in strict mode). This adds the later
part using the hash of client_id recorded in 0860497152af

It still seems weird to me that revoking a leaked token should not be
allowed whoever might have discovered it, as that seems the responsible
thing to do.

author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parent 5141:027fb71ad509

---
labels:
- 'Stage-Beta'
summary: 'Generate friendly web page for invitations'
rockspec:
  dependencies:
  - mod_register_apps
  build:
    copy_directories:
    - html
    - static
...

Introduction
============

This module is part of the suite of modules that implement invite-based
account registration for Prosody. The other modules are:

- [mod_invites]
- [mod_invites_adhoc]
- [mod_invites_register]
- [mod_invites_register_web]
- [mod_invites_api]
- [mod_register_apps]

For details and a full overview, start with the [mod_invites] documentation.

Details
=======

mod_invites_page provides a unique web page for each generated invitation.
Without this module, Prosody will only be able to generate invite links as
`xmpp:` URIs (they look something like `xmpp:example.com?register;preauth=29Xbxr91`).
Such URIs will only work if the invited user already has an XMPP client installed.
This is usually not the case.

This module transforms the URI into a friendly web page that can be shared
via any method (email, SMS, etc.), and opened in any browser. The page explains
the invitation and guides the user to set up their account using one of a
configurable list of XMPP clients (to configure the list, see mod_register_apps
documentation).

Configuration
=============

| Name                      | Description                                                                    | Default                                             |
|---------------------------|--------------------------------------------------------------------------------|-----------------------------------------------------|
| invites_page              | The format of an invite page URL (must begin with `https://`)                  | `"https://{host}:5281/invites_page?{invite.token}"` |
| invites_registration_page | The format of an invite registration page URL (may be relative to invites_page)| `"register?t={invite.token}&c={app.id}"`            |
| site_name                 | The friendly name of the server                                                | `"example.com"`                                     |
| invites_page_external     | Set this to true if your invitation pages will be rendered by something else   | `false`                                             |

The `invites_page` and `invites_registration_page` options are templates
that support a number of variables. The most useful are `{host}` and
`{invite.token}`.

All the usual [HTTP configuration options](https://prosody.im/doc/http)
can be used to configure this module. In particular, if you run Prosody
behind a reverse proxy such as nginx or Apache, you will probably want
to set `http_external_url` so that Prosody knows what URLs should look
like for users.

If you want to disable this module's built-in pages and use an external
invitation page generator (such as [ge0rg/easy-xmpp-invitation](https://github.com/ge0rg/easy-xmpp-invitation)),
then set `invites_page_external = true` and set `invites_page` to the
appropriate URL for your installation.
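
The options above combined in one Prosody configuration fragment, for a server behind a TLS-terminating reverse proxy. This is an added example, not taken from the module's own documentation; the hostnames, the site name, the enabled module list and the external generator URL are placeholders and assumptions.

```lua
-- Added example: all hostnames and URLs below are placeholders.
VirtualHost "chat.example.org"
    modules_enabled = {
        "invites";
        "invites_page";          -- this module
        "invites_register";
        "invites_register_web";
        "register_apps";         -- listed as a dependency in the rockspec
    }

    -- Friendly server name used on the invitation page
    site_name = "Example Chat"

    -- The reverse proxy serves Prosody's HTTP modules on port 443, so tell
    -- Prosody what its URLs look like from the user's side.
    http_external_url = "https://chat.example.org/"

    -- Must begin with https://. The invite token is carried in the URL,
    -- so anyone who obtains the link can use the invitation.
    invites_page = "https://chat.example.org/invites_page?{invite.token}"

    -- Relative to invites_page; this is the documented default.
    invites_registration_page = "register?t={invite.token}&c={app.id}"

    -- Variant: pages rendered by an external generator instead of this
    -- module. Uncomment both lines and replace the two settings above.
    -- The URL layout is an assumption; use what your generator expects.
    -- invites_page_external = true
    -- invites_page = "https://invite.example.org/?{invite.token}"
```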