File

mod_register_oob_url/README.markdown @ 5623:59d5fc50f602

mod_http_oauth2: Implement refresh token rotation Makes refresh tokens one-time-use, handing out a new refresh token with each access token. Thus if a refresh token is stolen and used by an attacker, the next time the legitimate client tries to use the previous refresh token, it will not work and the attack will be noticed. If the attacker does not use the refresh token, it becomes invalid after the legitimate client uses it. This behavior is recommended by draft-ietf-oauth-security-topics
author Kim Alvefur <zash@zash.se>
date Sun, 23 Jul 2023 02:56:08 +0200 (17 months ago)
parent 2860:a7c2df6b2662
line wrap: on
line source
---
labels:
- 'Stage-Alpha'
summary: 'XEP-077 IBR registration URL redirect'
---

Introduction
============

Registration redirect to out of band URL as described in  [XEP-0077: In-Band Registration](http://xmpp.org/extensions/xep-0077.html#redirect).

Details
=======

The already existing module `mod_register_redirect` doesn’t add a stream feature advertising its capabilities  and thus doesn’t work with clients like Conversations.

This module tries to take a simpler and more straight forward approach for admins who just want to redirect to an URL and do not need the features provided by `mod_register_redirect`.

Usage
=====

Set `allow_registration` to `false` and point `register_oob_url` to the URL that handles your registration.

Compatibility
=============

  ----- -----------------------------------------------------------------------------
  0.10  Works
  ----- -----------------------------------------------------------------------------