--- a/mod_http_oauth2/README.markdown Sun Mar 03 18:06:47 2024 +0000
+++ b/mod_http_oauth2/README.markdown Tue Mar 05 00:32:00 2024 +0100
@@ -102,7 +102,7 @@
client registration.
Dynamic client registration can be enabled by configuring a JWT key. Algorithm
-defaults to *HS256* lifetime defaults to forever.
+defaults to *HS256*, lifetime defaults to forever.
```lua
oauth2_registration_key = "securely generated JWT key here"
@@ -202,7 +202,7 @@
- Authorization Code grant, optionally with Proof Key for Code Exchange
- Device Authorization Grant
-- Resource owner password grant *(likely to be phased out in the future)*
+- Resource owner password grant *(disabled by default)*
- Implicit flow *(disabled by default)*
- Refresh Token grants
@@ -214,7 +214,7 @@
allowed_oauth2_grant_types = {
"authorization_code"; -- authorization code grant
"device_code";
- "password"; -- resource owner password grant
+ -- "password"; -- resource owner password grant disabled by default
}
allowed_oauth2_response_types = {