Mercurial > prosody-modules
view mod_log_auth/mod_log_auth.lua @ 5390:f2363e6d9a64
mod_http_oauth2: Advertise the currently supported id_token signing algorithm
This field is REQUIRED. The algorithm RS256 MUST be included, but isn't
because we don't implement it, as that would require implementing a pile
of additional cryptography and JWT stuff. Instead the id_token is
signed using the client secret, which allows verification by the client,
since it's a shared secret per OpenID Connect Core 1.0 ยง 10.1 under
Symmetric Signatures.
OpenID Connect Discovery 1.0 has a lot of REQUIRED and MUST clauses that
are not supported here, but that's okay because this is served from the
RFC 8414 OAuth 2.0 Authorization Server Metadata .well-known endpoint!
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 30 Apr 2023 16:13:40 +0200 |
| parents | 6d1ec8099315 |
| children |
line wrap: on
line source
local mode = module:get_option_string("log_auth_ips", "failure"); assert(({ all = true, failure = true, success = true })[mode], "Unknown log mode: "..tostring(mode).." - valid modes are 'all', 'failure', 'success'"); if mode == "failure" or mode == "all" then module:hook("authentication-failure", function (event) local session = event.session; local username = session.username or session.sasl_handler and session.sasl_handler.username or "?"; session.log("info", "Failed authentication attempt (%s) for user %s@%s from IP: %s", event.condition or "unknown-condition", username, module.host, session.ip or "?"); end); end if mode == "success" or mode == "all" then module:hook("authentication-success", function (event) local session = event.session; session.log("info", "Successful authentication as %s@%s from IP: %s", session.username, module.host, session.ip or "?"); end); end
