mod_http_oauth2: Use new mod_cron API for periodic cleanup Less frequent but this isn't that important after all since, as the comment states, expired codes are not usable anyway. They're also not that large so memory usage probably doesn't matter.

mod_audit_status: Fix error on first start Fixes 'attempt to index a nil value' the first time this module is loaded, since there's no data yet.

mod_muc_rtbl: Use correct occupant object There is no 'occupant' property for this event.

mod_audit: Move underscore to avoid luacheck warning Underscore as prefix is taken as a signal that the variable is unused, but then it is used and luacheck makes noise about that.

mod_oidc_userinfo_vcard4: Provide profile details in mod_http_oauth2

mod_auth_oauth_external: Add configuration example

mod_auth_oauth_external: Linkify password grant

mod_auth_oauth_external: Some notes in README

mod_auth_oauth_external: Allow setting identity instead of discovery URL Shorter and the .well-known part is, well, well-known.

mod_auth_oauth_external: Support PLAIN via resource owner password grant Might not be supported by the backend but PLAIN is the lowest common denominator, so not having it would lock out a lot of clients.

mod_auth_oauth_external: Authenticate against an OAuth 2 provider But suddenly unsure whether this constitutes an OAuth "client" or something else? Resource server maybe?

mod_client_management: Fix import of util.error (not errors)

mod_rest: Implement use of refresh tokens in rest.sh example Because having access tokens expire daily was becoming annoying. Now this is starting to be in dire need of refactoring.

mod_http_oauth2: Fix error due to reference loop when using refresh token

mod_http_oauth2: Fix table index error when using refresh token

mod_muc_http_defaults: Use the new set_subject API. Thanks John Livingston

mod_service_outage_status: XEP-0455: Service Outage Status Only the out of band part so far. The in-band pubsub part would need '+notify' support in mod_pubsub, since mod_pep does not serve the bare-host-JID. All the hard parts of this XEP is elsewhere, i.e. hosting the document somewhere reliable.

mod_http_oauth2: Support OpenID UserInfo claims Actually filling in those details is left to another module because I don't really wanna mix in a dependency on PEP or mod_vcard here, those implementation details can be in a second module. Some might want to fill this from LDAP or something as well.

mod_http_oauth2: Add some debug logging for UserInfo endpoint

mod_http_oauth2: Correct error code when missing credentials for userinfo

mod_rest: Get correct type from config Autocomplete?

mod_http_debug: Module that echos back HTTP request info for debugging Written in 2021 for debugging some reverse proxy issue on https://chat.prosody.im/

mod_rest: Allow passing configuring a timeout for <iq> responses The default 2 minutes is not how long you want to wait, sometimes.

mod_audit: Add expiration of entries, and handling of full archive stores

mod_rest/rest.sh: Update 'client_uri' to module page This started as a convenience wrapper for httpie + mod_rest that eventually grew OAuth support.

mod_rest/rest.sh: List dependencies in comment

mod_http_oauth2/README: Add rest.sh to known implementations

mod_audit: Add 'note' column

mod_audit: Improve filtering options and add documentation to README

mod_audit: Add some control over output columns via command-line flags

mod_audit_status: Include shutdown reason in log entry

mod_audit: Let util.human.io pick a suitable default width It supports better width detection now.

mod_audit: Use proportional columns in table output

mod_audit: Fix iteration of custom payloads to use ipairs

mod_audit_status: New module to log server status to audit log

mod_audit: Display most recent entries first, rather than showing oldest This matches the output of 'lastb'.

mod_audit: Minor style nit

mod_audit: Allow caller to specify time of the event

mod_http_oauth2/README: Link to mod_rest

mod_http_oauth2/README: Link to OAuth and OIDC sites

mod_client_management: README: Update docs to detail shell and XMPP interfaces

mod_http_oauth2: README: Updated documentation to reflect module status

mod_client_management: Add list-clients + manage-clients permissions to users

mod_client_management: Add support for revoking client access via XMPP

mod_client_management: Improve representation of authentication methods

mod_client_management: Improve table output Requires 1f89a2a9f532 and 1023c3faffac from Prosody.

mod_client_management: Fix user:clients() shell command to take a JID

mod_client_management: Use grant id from key This is a minor tweak - it's faster and preserves compatibility with older data formats (that we don't necessarily want to be compatible with, but some of us have messy data stores and it pays to be a little more robust).

mod_client_management: Fail to revoke clients that have used passwords Return an error so the caller can take appropriate action, e.g. encouraging the user to change their password.

mod_client_management: Add support for revocation of clients (when possible) We decided to keep the unified listing of "clients", which includes both SASL2 clients and OAuth grants, etc. To a user, or someone wanting to manage what can access their account, they are largely equivalent. To accomplish this technically, we add a prefix to the id to state what type it really is.

mod_client_management: Include client type in XML response listing

mod_sasl2_fast: Add API method to revoke FAST tokens for a given client

mod_cloud_notify_filters: Fix traceback when invalid JIDs are submitted

mod_client_management: Add XMPP and shell interfaces to fetch client list

.luacheckrc: Add module.once

mod_audit: Add a command to print the audit log on the command-line

mod_audit: Support for adding location (GeoIP) to audit events This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.

mod_isolate_host: potentially pedantic optimization By Zash.

mod_isolate_host: handle server-generated stanzas The hook for setting the no_host_isolation is only called for c2s sessions. This does not work for stanzas generated by the server, such as PEP notifications or presence probe answers. To handle that, we do per-stanza checks for the case that the origin is local.

mod_authz_delegate: make resistant against startup order issues There is no guarantee that the target_host gets activated and initialized before the host this module is loaded on. As add_default_permission is called during load time by many modules, we need to be prepared to queue stuff.