view mod_audit_register/mod_audit_register.lua @ 5448:9d542e86e19a

mod_http_oauth2: Allow requesting a subset of scopes on token refresh This enables clients to request access tokens with fewer permissions than the grant they were given, reducing impact of token leak. Clients could e.g. request access tokens with some privileges and immediately revoke them after use, or other strategies.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 21:40:09 +0200
parents 08dea42a302a
children dde83f6043e6
line wrap: on
line source

module:depends("audit");
-- luacheck: read globals module.audit

local st = require "util.stanza";

module:hook("user-registered", function(event)
	local session = event.session;
	local custom = {};
	local invite = event.validated_invite or (event.session and event.session.validated_invite);
	if invite then
		table.insert(custom, st.stanza(
			"invite-used",
			{
				xmlns = "xmpp:prosody.im/audit",
				token = invite.token,
			}
		))
	end
	module:audit(event.username, "user-registered", {
		session = session,
		custom = custom,
	});
end);