prosody-modules
59d5fc50f602
mod_nooffline_noerror/mod_nooffline_noerror.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_nooffline_noerror/mod_nooffline_noerror.lua @ 5623:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200
parent 3970:e0f3e29ab18a
line wrap: on
line source

-- Ignore disabled offline storage
--
-- Copyright (C) 2019-2020 Thilo Molitor
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

-- depend on mod_mam to make sure mam is at least loaded and active
module:depends "mam";

-- ignore offline messages and don't return any error (the message will be already in MAM at this point)
-- this is *only* triggered if mod_offline is *not* loaded and completely ignored otherwise
module:hook("message/offline/handle", function(event)
	local log = event.origin and event.origin.log or module._log;
	if log then
		log("info", "Ignoring offline message (mod_offline seems *not* to be loaded)...");
	end
	return true;
end, -100);