File

util.sasl.oauthbearer: Return username from callback instead using authzid (BC) RFC 6120 states that > If the initiating entity does not wish to act on behalf of another > entity, it MUST NOT provide an authorization identity. Thus it seems weird to require it here. We can instead expect an username from the token data passed back from the profile. This follows the practice of util.sasl.external where the profile callback returns the selected username, making the authentication module responsible for extracting the username from the token.

Thanks for your interest in contributing to the project!

There are many ways to contribute, such as helping improve the
documentation, reporting bugs, spreading the word or testing the latest
development version.

You can find more information on how to contribute at <https://prosody.im/doc/contributing>

See also the HACKERS and README files.