Kim Alvefur <zash@zash.se> [Sun, 19 Mar 2023 22:21:41 +0100] rev 5264
mod_adhoc_oauth2_client: Update to call into mod_http_oauth2
Kim Alvefur <zash@zash.se> [Sun, 19 Mar 2023 22:13:27 +0100] rev 5263
mod_http_oauth2: Refactor to allow reuse of OAuth client creation
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 19:59:32 +0100] rev 5262
mod_http_oauth2: Fix userinfo status code off-by-one
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 19:28:44 +0100] rev 5261
mod_http_oauth2: Implement and return ID Token in authorization code flow
Is this OIDC?
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 17:52:10 +0100] rev 5260
mod_http_oauth2: Reject non-local hosts in more code paths
We're not issuing tokens for users on remote hosts, we can't even
authenticate them since they're remote. Thus the host is always the
local module.host so no need to pass around the host in most cases or
use it for anything but enforcing the same host.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 17:06:35 +0100] rev 5259
mod_http_oauth2: Add support for the "openid" scope
This "openid" scope is there to signal access to the userinfo endpoint,
which is needed for OIDC support.
We don't actually check this later because the userinfo endpoint only
returns info embedded in the token itself, but in the future we may want
to check this more carefully.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 17:03:48 +0100] rev 5258
mod_http_oauth2: Prepare to handle multiple e.g. non-role scopes
This is to prepare to handle scopes like "openid" that don't map to
roles.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 14:27:46 +0100] rev 5257
mod_adhoc_oauth2_client: Make note in README about current broken state
It could plausibly be made to work again using the stateless method
internally.
Kim Alvefur <zash@zash.se> [Thu, 16 Mar 2023 00:06:43 +0100] rev 5256
mod_http_oauth2: Fix attempt to index a boolean value
_This_ function signature strikes again
It returns true, payload, but only passed the boolean on in place of the
client, tripping up client_subset()
Matthew Wild <mwild1@gmail.com> [Tue, 14 Mar 2023 18:59:39 +0000] rev 5255
mod_audit: Allow disabling IP logging, or limiting it to a prefix