mod_pubsub_subscription: support subscribing from a bare JID Allow subscribing from a bare JID on the component instead of only the component host, useful for subscribing to whitelist access model nodes that want to see a particular JID in the from.

merge

mod_muc_restrict_avatars: Block MUC participant avatars for non-members

misc/mtail: Start of an mtail config Stashing it here in case anyone wants to continue working on it. Currently it's only counting log messages by level. Due to the permissions set by systemd on Prosody logs, mtail never managed to start correctly until permissions were manually relaxed.

mod_muc_moderation: Mention that it works with mod_storage_xmlarchive (thanks Menel)

mod_http_oauth2: Apply refresh token ttl to refresh token instead of grant The intent in 59d5fc50f602 was for refresh tokens to extend the lifetime of the grant, but the refresh token ttl was applied to the grant and mod_tokenauth does not change it, leading to the grant expiring regardless of refresh token usage. This makes grant lifetimes unlimited, which seems to be standard practice in the wild.

mod_client_management: Show grant expiry in shell command I want to know when my OAuth2 grant expires and that it really is extended by refreshing.

mod_http_oauth2: Tweak wording in README to point out that this is an AS

mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt If the OIDC 'prompt' parameter does not contain the 'select_account' then it wants us to skip account selection, which means we have to figure which account to authenticate somehow. One way could be have this stored in a cookie from a previous successful login. Another way would be to have the account passed as a hint, which is what we add here.

mod_http_oauth2: Remove broken in-CSS templating Because util.interpolation with a "%b{}" pattern only matches the outer brackets, so variables inside them would not work unless the pattern is changed (also considered).