diff options
author | Kim Alvefur <zash@zash.se> | 2023-03-16 12:18:23 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-03-16 12:18:23 +0100 |
commit | 566a991f8499d815314b695cb52959f334bcb9e9 (patch) | |
tree | 09b7f104dff8548c555e62e9199633917f789596 /doc | |
parent | 944c25f3522f0ae649b2e9d04729bf2278387744 (diff) | |
download | prosody-566a991f8499d815314b695cb52959f334bcb9e9.tar.gz prosody-566a991f8499d815314b695cb52959f334bcb9e9.zip |
util.sasl.oauthbearer: Return username from callback instead using authzid (BC)
RFC 6120 states that
> If the initiating entity does not wish to act on behalf of another
> entity, it MUST NOT provide an authorization identity.
Thus it seems weird to require it here. We can instead expect an
username from the token data passed back from the profile.
This follows the practice of util.sasl.external where the profile
callback returns the selected username, making the authentication module
responsible for extracting the username from the token.
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions