Software / code / prosody-modules
Changeset
5408:3989c57cc551
mod_http_oauth2: Allow configuring links to policy and terms in metadata
These are for the Authorization Server, here the same as the XMPP
server.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 17:01:02 +0200 |
| parents | 5407:149634647b48 |
| children | 5409:993f28798c75 |
| files | mod_http_oauth2/README.markdown mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 2 files changed, 12 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown Tue May 02 16:39:32 2023 +0200 +++ b/mod_http_oauth2/README.markdown Tue May 02 17:01:02 2023 +0200 @@ -138,6 +138,16 @@ } ``` +### Policy documents + +Links to Terms of Service and Service Policy documents can be advertised +for use by OAuth clients: + +```lua +oauth2_terms_url = "https://example.com/terms-of-service.html" +oauth2_policy_url = "https://example.com/service-policy.pdf" +``` + ## Deployment notes ### Access management
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue May 02 16:39:32 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Tue May 02 17:01:02 2023 +0200 @@ -980,6 +980,8 @@ scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items())); response_types_supported = array(it.keys(response_type_handlers)); token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" }); + op_policy_uri = module:get_option_string("oauth2_policy_url", nil); + op_tos_uri = module:get_option_string("oauth2_terms_url", nil); revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil; revocation_endpoint_auth_methods_supported = array({ "client_secret_basic" }); code_challenge_methods_supported = array(it.keys(verifier_transforms));
