mod_saslauth: Derive hash from certificate per tls-server-end-point This originally used a WIP implementation of cert:sigalg(), a method to retrieve certificate signature algorithm, but it was never submitted upstream. https://github.com/Zash/luasec/tree/zash/sigalg cert:getsignaturename() was merged in https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049 XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST

mod_saslauth: Support tls-server-end-point via manually specified hash Since this channel binding method is said to enable TLS offloading then you need tell Prosody the hash (or the full cert), so this seems like a good start. Support is RECOMMENDED in XEP-0440 version 0.2

mod_tokenauth: Set name/description on cleanup job

mod_tokenauth: Save grant after removing expired tokens Ensures the periodic cleanup really does remove expired tokens.

mod_tokenauth: Periodically clear out expired tokens and grants This should ensure expired grants eventually disappear.

mod_tokenauth: Delete grants without tokens after period Generally it is expected that a grant would have at least one token as long as the grant is in active use. Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by default, so the idea here is that if that refresh token expired and another week goes by without the grant being used, then the whole grant can be removed.

mod_tokenauth: Clear expired tokens on grant retrieval

mod_tokenauth: Delete grants in the wrong formats on retrieval

lint: Teach luacheck about module:once Silence warning for using this introduced in 9c62ffbdf2ae

mod_cron: Remove unused import [luacheck] Use of datetime was removed in 6ac5ad578565