prosody
9e5802b45b9e
spec/scansion/keep_full_sub_req.scs
Software / code / prosody
File
spec/scansion/keep_full_sub_req.scs @ 13073:9e5802b45b9e
mod_tokenauth: Only check if expiry of expiring tokens
Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime
explicitly bounded here, but rather be bounded by the lifetime of
something else, like the OAuth2 client.
Open question: Would it be better to enforce a lifetime on all tokens?
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 12 Apr 2023 10:21:32 +0200 |
| parent | 10515:35bf3b80480f |
line wrap: on
line source
# server MUST keep a record of the complete presence stanza comprising the subscription request (#689) [Client] Alice jid: pars-a@localhost password: password [Client] Bob jid: pars-b@localhost password: password [Client] Bob's phone jid: pars-b@localhost/phone password: password --------- Alice connects Alice sends: <presence to="${Bob's JID}" type="subscribe"> <preauth xmlns="urn:xmpp:pars:0" token="1tMFqYDdKhfe2pwp" /> </presence> Alice disconnects Bob connects Bob sends: <presence/> Bob receives: <presence from="${Bob's full JID}"/> Bob receives: <presence from="${Alice's JID}" type="subscribe"> <preauth xmlns="urn:xmpp:pars:0" token="1tMFqYDdKhfe2pwp" /> </presence> Bob disconnects # Works if they reconnect too Bob's phone connects Bob's phone sends: <presence/> Bob's phone receives: <presence from="${Bob's phone's full JID}"/> Bob's phone receives: <presence from="${Alice's JID}" type="subscribe"> <preauth xmlns="urn:xmpp:pars:0" token="1tMFqYDdKhfe2pwp" /> </presence> Bob's phone disconnects
