prosody
055b03d3059b
certs/makefile
Software / code / prosody
File
certs/makefile @ 12938:055b03d3059b
util.sasl.oauthbearer: Return username from callback instead using authzid (BC)
RFC 6120 states that
> If the initiating entity does not wish to act on behalf of another
> entity, it MUST NOT provide an authorization identity.
Thus it seems weird to require it here. We can instead expect an
username from the token data passed back from the profile.
This follows the practice of util.sasl.external where the profile
callback returns the selected username, making the authentication module
responsible for extracting the username from the token.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 12:18:23 +0100 |
| parent | 8593:c4222e36333c |
line wrap: on
line source
.DEFAULT: localhost.crt keysize=2048 # How to: # First, `make yourhost.cnf` which creates a openssl config file. # Then edit this file and fill in the details you want it to have, # and add or change hosts and components it should cover. # Then `make yourhost.key` to create your private key, you can # include keysize=number to change the size of the key. # Then you can either `make yourhost.csr` to generate a certificate # signing request that you can submit to a CA, or `make yourhost.crt` # to generate a self signed certificate. ${.TARGETS:M*.crt}: openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout ${.TARGET:R}.key \ -days 365 -sha256 -out $@ -utf8 -subj /CN=${.TARGET:R} .SUFFIXES: .key .crt
