mod_http_admin_api: Tweak token session to please module:may() module:may() checks for type == "c2s", but mod_tokenauth does not currently include that or most common session properties. Fixes a traceback resulting from a different code path where module:may() tries to index event.stanza, which does not exist for http events.

mod_sasl2_fast: Invalidate tokens issued prior to last password change

mod_rest: Add an example bash script for using mod_rest Also supports --login with mod_http_oauth2

mod_http_oauth2: Update to use new API of Prosody mod_tokenauth @ 601d9a375b86

mod_http_oauth2: Add support for refresh tokens

mod_http_oauth2: Declare additional client registration fields as strings Previously any property not listed in the schema was allowed in any form, which is probably a bit too liberal. Instead, limit extra fields to simple strings, which should still allow localized versions of the various URIs and descriptive properties per RFC 7591 §2.2

mod_http_oauth2: Stricten check of urlencoded form data Because type(formdecode("string without equals sign")) == "string", so best avoid continuing in that case, even if strings mostly behave as tables as long as you don't hit one of the __index methods.

mod_http_oauth2: Pedantic optimization Checking the length of the string seems like 30% more expensive than comparing it with the empty string (by reference, probably).

mod_pubsub_feeds: Fix packaging of support library for installer

mod_muc_rtbl: Handle node purge Prevents the module from going out of sync with the node in case this event ever happens.