Matthew Wild <mwild1@gmail.com> [Fri, 03 Mar 2023 11:24:05 +0000] rev 5193
mod_http_oauth2: Add OIDC discovery endpoint (thanks Zash)
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 23:59:09 +0100] rev 5192
mod_http_oauth2: Implement OOB special redirect URI in code flow
Aka "copy and paste this into your client"
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 23:57:29 +0100] rev 5191
mod_http_oauth2: Add settings for allowed grant and response types
So that you can opt in to the insecure methods...
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 22:06:50 +0100] rev 5190
mod_http_oauth2: Implement the Implicit flow
Everyone says this is insecure and bad, but it's also the only thing
that makes sense for e.g. pure JavaScript clients, but hey implement
this even more complicated thing instead!
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 22:00:42 +0100] rev 5189
mod_http_oauth2: Fix treatment of 'redirect_uri' parameter in code flow
It's optional and the one stored in the client registration should
really be used instead. RFC 6749 says a URI provided as parameter MUST
be validated against the stored one but does not say how.
Given that the client needs their secret to proceed, it seems fine to
leave this for later.
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 11:38:57 +0100] rev 5188
mod_s2s_whitelist/README: Show inclusion in modules_enabled in example
Thanks amalgame21
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 11:38:08 +0100] rev 5187
mod_s2s_blacklist/README: Show inclusion in modules_enabled in example
Thanks amalgame21
Kim Alvefur <zash@zash.se> [Wed, 01 Mar 2023 21:55:34 +0100] rev 5186
mod_http_oauth2: Issue tokens for the purpose of 'oauth2'
This argument was added in Prosody trunk rev 012fa81d1f5d
Kim Alvefur <zash@zash.se> [Wed, 01 Mar 2023 21:11:48 +0100] rev 5185
mod_http_oauth2: Fix removal of consumed authorization codes
Fixes mod_http_oauth2.lua:34: bad argument #2 to 'difftime' (number expected, got nil)
The extra preceding argument to :set stored the client-id#code as a value
instead of clearing the key, and then later in the periodic cleanup
timer this string would be indexed, producing a nil and a traceback
Matthew Wild <mwild1@gmail.com> [Wed, 01 Mar 2023 13:21:29 +0000] rev 5184
mod_sasl2_bind2: Support for SASL handlers forcing a specific resource