Kim Alvefur <zash@zash.se> [Fri, 03 Mar 2023 18:00:28 +0100] rev 5195
mod_http_oauth2: Derive scope from correct user details
Plausible copypaste mistake
Kim Alvefur <zash@zash.se> [Fri, 03 Mar 2023 14:22:05 +0100] rev 5194
mod_http_oauth2: Fix to actually return OOB response
Matthew Wild <mwild1@gmail.com> [Fri, 03 Mar 2023 11:24:05 +0000] rev 5193
mod_http_oauth2: Add OIDC discovery endpoint (thanks Zash)
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 23:59:09 +0100] rev 5192
mod_http_oauth2: Implement OOB special redirect URI in code flow
Aka "copy and paste this into your client"
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 23:57:29 +0100] rev 5191
mod_http_oauth2: Add settings for allowed grant and response types
So that you can opt-in to the insecure methods...
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 22:06:50 +0100] rev 5190
mod_http_oauth2: Implement the Implicit flow
Everyone says this is insecure and bad, but it's also the only thing
that makes sense for e.g. pure JavaScript clients, but hey implement
this even more complicated thing instead!
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 22:00:42 +0100] rev 5189
mod_http_oauth2: Fix treatment of 'redirect_uri' parameter in code flow
It's optional and the one stored in the client registration should
really be used instead. RFC 6749 says a URI provided as parameter MUST
be validated against the stored one but does not say how.
Given that the client needs their secret to proceed, it seems fine to
leave this for later.
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 11:38:57 +0100] rev 5188
mod_s2s_whitelist/README: Show inclusion in modules_enabled in example
Thanks amalgame21
Kim Alvefur <zash@zash.se> [Thu, 02 Mar 2023 11:38:08 +0100] rev 5187
mod_s2s_blacklist/README: Show inclusion in modules_enabled in example
Thanks amalgame21
Kim Alvefur <zash@zash.se> [Wed, 01 Mar 2023 21:55:34 +0100] rev 5186
mod_http_oauth2: Issue tokens for the purpose of 'oauth2'
This argument was added in Prosody trunk rev 012fa81d1f5d