aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_tokenauth.lua
Commit message (Collapse)AuthorAgeFilesLines
* mod_tokenauth: Fix misplaced closing parenthesisKim Alvefur2023-03-021-1/+1
| | | | `type(x ~= y)` is always a string, thus truthy
* mod_tokenauth: Gracefully handle missing tokensMatthew Wild2023-03-011-0/+1
|
* mod_tokenauth: Add SASL handler backend that can accept and verify tokensMatthew Wild2023-03-011-0/+18
| | | | | This is designed for use by other modules that want to accept tokens issued by mod_tokenauth, without duplicating all the necessary logic.
* mod_tokenauth: Add some sanity checking of the new optional parametersMatthew Wild2023-03-011-0/+4
|
* mod_tokenauth: Add 'purpose' constraintMatthew Wild2023-03-011-1/+2
| | | | | | | | | | This allows tokens to be tied to specific purposes/protocols. For example, we shouldn't (without specific consideration) allow an OAuth token to be dropped into a slot expecting a FAST token. While FAST doesn't currently use mod_tokenauth, it and others may do in the future. It's better to be explicit about what kind of token code is issuing or expecting.
* mod_tokenauth: Allow attaching an arbitrary data table to a tokenMatthew Wild2022-10-131-1/+2
|
* mod_tokenauth: Remove expired tokens from storageMatthew Wild2022-10-061-0/+2
|
* mod_tokenauth: Invalidate tokens issued before most recent password changeMatthew Wild2022-10-061-0/+6
| | | | | | This is a security improvement, to ensure that sessions authenticated using a token (note: not currently possible in stock Prosody) are invalidated just like password-authenticated sessions are.
* mod_authz_internal, and more: New iteration of role APIMatthew Wild2022-08-171-1/+1
| | | | | | | | | | | These changes to the API (hopefully the last) introduce a cleaner separation between the user's primary (default) role, and their secondary (optional) roles. To keep the code sane and reduce complexity, a data migration is needed for people using stored roles in 0.12. This can be performed with prosodyctl mod_authz_internal migrate <host>
* mod_tokenauth: New API that better fits how modules are using token authMatthew Wild2022-07-201-12/+40
| | | | | | This also updates the module to the new role API, and improves support for scope/role selection (currently treated as the same thing, which they almost are).
* mod_tokenauth: Track creation time of tokensMatthew Wild2020-02-281-0/+1
|
* mod_tokenauth: Handle tokens issued to bare hosts (eg components)Kim Alvefur2020-02-281-1/+1
|
* mod_authtokens: Rename to mod_tokenauth for consistency with mod_saslauthMatthew Wild2020-02-261-0/+81