prosody-modules
f2363e6d9a64
mod_discodot/README.markdown
Software / code / prosody-modules
File
mod_discodot/README.markdown @ 5390:f2363e6d9a64
mod_http_oauth2: Advertise the currently supported id_token signing algorithm
This field is REQUIRED. The algorithm RS256 MUST be included, but isn't
because we don't implement it, as that would require implementing a pile
of additional cryptography and JWT stuff. Instead the id_token is
signed using the client secret, which allows verification by the client,
since it's a shared secret per OpenID Connect Core 1.0 § 10.1 under
Symmetric Signatures.
OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that
are not supported here, but that's okay because this is served from the
RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 30 Apr 2023 16:13:40 +0200 |
| parent | 4577:253df0798996 |
line wrap: on
line source
# Flowcharts! Put this module somewhere Prosody will find it and then run `prosodyctl mod_discodot | dot -Tsvg -o disco-graph.svg` to receive a graph like this[^1]: +------------------------+ +------------------------------------------+ | proxy.external.example | <-- | VirtualHost "example.com" | -+ +------------------------+ +------------------------------------------+ | | | | | v | +------------------------------------------+ | | Component "conference.example.com" "muc" | <+ +------------------------------------------+ Example config for the above: ``` {.lua} VirtualHost "xmpp.example.com" disco_items = { { "conference.example.com"; }; { "proxy.external.example"; }; } Component "conference.example.com" "muc" ``` Note the `disco_items` entry causing duplication since subdomains are implicitly added. [^1]: this was actuall made with `graph-easy`
