Matthew Wild <mwild1@gmail.com> [Tue, 07 Mar 2023 10:27:40 +0000] rev 5221
mod_http_oauth2: Fix incorrect function name (thanks Zash/luacheck)
Matthew Wild <mwild1@gmail.com> [Tue, 07 Mar 2023 10:26:57 +0000] rev 5220
mod_cloud_notify: Add note about Lua version requirements to README
Matthew Wild <mwild1@gmail.com> [Tue, 07 Mar 2023 10:24:58 +0000] rev 5219
mod_cloud_notify: Log warning when used on Lua 5.1
Kim Alvefur <zash@zash.se> [Mon, 06 Mar 2023 16:53:27 +0100] rev 5218
mod_http_oauth2: Remove authorization codes after use
RFC 6749 section 4.1.2 says:
> The client MUST NOT use the authorization code more than once.
Thus we clear it from the cache after use.
Kim Alvefur <zash@zash.se> [Mon, 06 Mar 2023 16:49:43 +0100] rev 5217
mod_http_oauth2: Fix authorization code logic
I have no idea what it did before or if it even worked.
RFC 6749 section 4.1.2 says:
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So this should prevent use of codes older than 10 minutes and remove
them from the cache some time after they expire.
Kim Alvefur <zash@zash.se> [Mon, 06 Mar 2023 15:55:11 +0100] rev 5216
mod_http_oauth2: Include HTML templates in package for plugin installer
luarocks needs this extra metadata
Kim Alvefur <zash@zash.se> [Thu, 23 Feb 2023 00:30:59 +0100] rev 5215
mod_conversejs: This one weird trick updates options on reload
Options queried from the config in get_converse_options() would take
effect immediately after Prosody reloads the config. Including
'conversejs_options' in this behaviour by simply moving a line seems
worth it.
Matthew Wild <mwild1@gmail.com> [Mon, 06 Mar 2023 10:37:43 +0000] rev 5214
mod_http_oauth2: Switch to '303 See Other' redirects
This is the recommendation by draft-ietf-oauth-v2-1-07 section 7.5.2. It is
the only redirect code that guarantees the user agent will use a GET request,
rather than re-submitting a POST request to the new URL.
The latter would be bad for us, as we are encoding auth tokens in the form
data.
Matthew Wild <mwild1@gmail.com> [Mon, 06 Mar 2023 10:29:14 +0000] rev 5213
mod_http_oauth2: Allow non-HTTPS on localhost URLs
This is the recommended behaviour (draft-ietf-oauth-v2-1-07 section 7.5.1).
Matthew Wild <mwild1@gmail.com> [Mon, 06 Mar 2023 09:46:58 +0000] rev 5212
mod_http_oauth2: Add authentication, consent and error pages