mod_http_oauth2

Introduction

This module is a work-in-progress intended for developers only!

Configuration

Dynamic client registration enabled by configuring a JWT key. Algorithm defaults to HS256.

oauth2_registration_key = "securely generated JWT key here"
oauth2_registration_algorithm = "HS256"
oauth2_registration_options = { default_ttl = 60 * 60 * 24 * 90 }

Various flows can be disabled and enabled with allowed_oauth2_grant_types and allowed_oauth2_response_types:

allowed_oauth2_grant_types = {
    "authorization_code"; -- authorization code grant
    "password"; -- resource owner password grant
}

allowed_oauth2_response_types = {
    "code"; -- authorization code flow
    -- "token"; -- implicit flow disabled by default
}

Compatibility

Requires Prosody 0.12+ or trunk.

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_http_oauth2

For earlier versions see the documentation for installing 3rd party modules

Latest changes

Refactor to allow reuse of OAuth client creation 2023-03-19
Fix userinfo status code off-by-one 2023-03-16
Implement and return ID Token in authorization code flow 2023-03-16
Reject non-local hosts in more code paths 2023-03-16
Add support for the "openid" scope 2023-03-16

mod_http_oauth2

Introduction

Configuration

Compatibility

Installation

Latest changes

Details

Authors

Links