Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 20:42:33 +0200] rev 5435
mod_rest/rest.sh: Add --logout to revoke token
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 20:41:35 +0200] rev 5434
mod_rest/rest.sh: Make scopes to request configurable in restrc
Makes it easier to experiment with requesting various scopes and roles
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 20:25:18 +0200] rev 5433
mod_http_oauth2: Strip unknown scopes from consent page
Since the scope string can be any arbitrary space-separated strings.
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 20:24:18 +0200] rev 5432
mod_http_oauth2: Simplify code with the power of first class functions
Selected / primary role is the first assumable role
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 19:11:20 +0200] rev 5431
mod_http_oauth2: More functional functions
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 19:07:52 +0200] rev 5430
mod_http_oauth2: Add function for filtering roles
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 19:29:15 +0200] rev 5429
mod_http_oauth2: Support granting zero role-scopes
It seems Very Bad that if you uncheck all roles on the consent page, you
get the default scopes, which seems the opposite of what you probably
intended. Currently, mod_tokenauth will do the same thing, so work is
needed there too to allow issuing tokens without roles.
A token without a role could be used for OIDC login, and not much else.
This seems like a valuable thing to support.
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 19:40:57 +0200] rev 5428
mod_http_oauth2: Revert role selector, going to try something else
Back out f2c7bb3af600
Allowing only a single role to be encoded into the grant takes away the
possibility of having multiple roles in the grant, one of which is
selected when issuing an access token. It also takes away the ability to
have zero roles granted, which could be useful e.g. when you only need
OIDC scopes.
Kim Alvefur <zash@zash.se> [Sun, 07 May 2023 19:06:37 +0200] rev 5427
mod_http_oauth2: Include all granted roles in scopes
The client is allowed to request a subset of granted scopes, so it makes
sense to record all granted roles so that another could be selected at
access token issuance.
Kim Alvefur <zash@zash.se> [Sat, 06 May 2023 17:06:13 +0200] rev 5426
mod_block_registrations: Refresh Compatibility section
Update to use currently supported Prosody versions.