log mod_http_oauth2/mod_http_oauth2.lua @ 6515:ff55e93be449

age author description
Wed, 08 Apr 2026 23:08:39 +0200 Kim Alvefur mod_http_oauth2: Normalize username in password grant
Wed, 18 Feb 2026 16:35:30 +0100 Kim Alvefur mod_http_oauth2: Make error template optional
Tue, 15 Jul 2025 21:56:56 +0200 Kim Alvefur mod_http_oauth2: Remove unused function
Tue, 15 Jul 2025 21:55:25 +0200 Kim Alvefur mod_http_oauth2: Fix passing roles and scopes the same way to template
Tue, 15 Jul 2025 16:28:40 +0200 Kim Alvefur mod_http_oauth2: Show scope descriptions
Tue, 15 Jul 2025 01:46:38 +0200 Kim Alvefur mod_http_oauth2: Only issue id_token when granted openid scope
Thu, 03 Jul 2025 16:18:38 +0200 Kim Alvefur mod_http_oauth2: Avoid tripping on redirect URIs when omitted
Thu, 03 Jul 2025 15:45:00 +0200 Kim Alvefur mod_http_oauth2: Reject invalid attempt to register client without credentials
Thu, 03 Jul 2025 15:42:42 +0200 Kim Alvefur mod_http_oauth2: Only require redirect URIs when using grant types that need it
Thu, 03 Jul 2025 15:34:57 +0200 Kim Alvefur mod_http_oauth2: Comment on origin of a constant URI
Thu, 03 Jul 2025 15:34:42 +0200 Kim Alvefur mod_http_oauth2: Check grant type before issuing refresh token
Thu, 03 Jul 2025 12:32:43 +0200 Kim Alvefur mod_http_oauth2: Remove defaults that should be included on clients
Thu, 03 Jul 2025 12:27:32 +0200 Kim Alvefur mod_http_oauth2: Handle absent array argument in array member check
Thu, 03 Jul 2025 12:14:53 +0200 Kim Alvefur mod_http_oauth2: Use numeric for loop instead of ipairs
Wed, 02 Jul 2025 16:15:32 +0200 Kim Alvefur mod_http_oauth2: Assume Prosody 13.0+ roles are available
Wed, 02 Jul 2025 15:55:05 +0200 Kim Alvefur mod_http_oauth2: Use cheaper array member check
Wed, 02 Jul 2025 15:53:02 +0200 Kim Alvefur mod_http_oauth2: Support the "offline_access" for granting refresh tokens
Fri, 13 Jun 2025 21:57:38 +0200 Kim Alvefur mod_http_oauth2: Handle case of device state having expired
Fri, 13 Jun 2025 21:30:56 +0200 Kim Alvefur mod_http_oauth2: Refactor to return all errors to Device clients
Sat, 07 Jun 2025 22:13:41 +0200 Kim Alvefur mod_http_oauth2: Add comment referencing RFC 8176
Sat, 07 Jun 2025 22:02:18 +0200 Kim Alvefur mod_http_oauth2: Reorder metadata by source
Wed, 04 Jun 2025 17:32:19 +0200 Kim Alvefur mod_http_oauth2: Fire authentication events in password grant
Tue, 03 Jun 2025 17:20:52 +0200 Kim Alvefur mod_http_oauth2: Return instead of throwing errors
Tue, 03 Jun 2025 17:04:19 +0200 Kim Alvefur mod_http_oauth2: Forbid inclusion of disabled grant and response types
Tue, 03 Jun 2025 16:59:07 +0200 Kim Alvefur mod_http_oauth2: Allow zero response types (e.g. with the password grant)
Tue, 03 Jun 2025 01:11:37 +0200 Kim Alvefur mod_http_oauth2: Remove now redundant client_id check from remaining grant handlers
Mon, 02 Jun 2025 22:21:44 +0200 Kim Alvefur mod_http_oauth2: Refactor client grant and response type checks
Mon, 02 Jun 2025 20:55:20 +0200 Kim Alvefur mod_http_oauth2: Enforce the registered grant types
Sat, 31 May 2025 16:07:29 +0200 Kim Alvefur mod_http_oauth2: Remove unused variable [luacheck]
Sat, 31 May 2025 16:07:18 +0200 Kim Alvefur mod_http_oauth2: Fix indentation
Sat, 31 May 2025 13:36:39 +0200 Kim Alvefur mod_http_oauth2: Deduplicate client authentication
Sat, 19 Apr 2025 20:32:37 +0200 magicfelix mod_http_oauth2: Allow JIDs as username for password grant
Sat, 19 Apr 2025 18:30:57 +0200 magicfelix mod_http_oauth2: Pass client to token to enable introspection
Sat, 19 Apr 2025 16:25:24 +0200 Kim Alvefur mod_http_oauth2: Change password grant to take username instead of JID [BC]
Sat, 19 Apr 2025 16:42:21 +0200 magicfelix mod_http_oauth2: Require client authentication for password grant
Sun, 16 Mar 2025 21:56:25 +0100 Kim Alvefur mod_http_oauth2: Reorder HTTP handler (noop)
Thu, 31 Oct 2024 21:49:32 +0100 Kim Alvefur mod_http_oauth2: Fix check for userinfo endpoint handler
Sat, 07 Sep 2024 15:20:23 +0200 Kim Alvefur mod_http_oauth2: Fix error due to mistake in 5f8a306c8306
Sat, 31 Aug 2024 14:46:33 +0200 Kim Alvefur mod_http_oauth2: Simplify negation in condition
Sat, 31 Aug 2024 13:30:55 +0200 Kim Alvefur mod_http_oauth2: Require a stringprepped host part of URLs
Thu, 29 Aug 2024 18:03:23 +0200 Kim Alvefur mod_http_oauth2: Ensure URL ports are integer in correct range
Thu, 29 Aug 2024 16:02:46 +0200 Kim Alvefur mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999)
Mon, 15 Jul 2024 20:02:25 +0200 Kim Alvefur mod_http_oauth2: Guard against malformed authorization header
Sun, 14 Jul 2024 17:47:06 +0200 Kim Alvefur mod_http_oauth2: HTTP authentication schemes are case-insensitive
Tue, 05 Mar 2024 00:32:00 +0100 Kim Alvefur mod_http_oauth2: Reflect changes to defaults etc
Wed, 24 Jan 2024 17:55:26 +0100 Kim Alvefur mod_http_oauth2: Reuse JWT issuance time as substitute for auth time
Sat, 23 Dec 2023 00:06:35 +0100 Kim Alvefur mod_http_oauth2: Reduce log level for error delivery via redirect
Sat, 23 Dec 2023 00:01:30 +0100 Kim Alvefur mod_http_oauth2: Tweak fallback error text
Thu, 21 Dec 2023 18:26:42 +0100 Kim Alvefur mod_http_oauth2: Improve registration schema documentation parts
Fri, 15 Dec 2023 12:10:07 +0100 Kim Alvefur mod_http_oauth2: Do not enforce PKCE on Device and OOB flows
Mon, 04 Dec 2023 21:36:35 +0100 Kim Alvefur mod_http_oauth2: Add logger to "session" for auth event
Mon, 04 Dec 2023 21:07:54 +0100 Kim Alvefur mod_http_oauth2: Move some code earlier
Sun, 03 Dec 2023 23:51:54 +0100 Kim Alvefur mod_http_oauth2: Reject unparsable URLs
Sun, 03 Dec 2023 23:44:18 +0100 Kim Alvefur mod_http_oauth2: Return validation output added in trunk rev 72d7830505f0
Sun, 03 Dec 2023 15:07:50 +0100 Kim Alvefur mod_http_oauth2: Handle login_hint without @hostpart
Fri, 01 Dec 2023 22:40:41 +0100 Kim Alvefur mod_http_oauth2: Fire authentication events on login form
Fri, 01 Dec 2023 21:35:25 +0100 Kim Alvefur mod_http_oauth2: Comment on authorization code storage
Tue, 14 Nov 2023 23:19:19 +0100 Kim Alvefur mod_http_oauth2: Make defaults more secure
Tue, 14 Nov 2023 23:03:37 +0100 Kim Alvefur mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted
Sun, 29 Oct 2023 11:30:49 +0100 Kim Alvefur mod_http_oauth2: Limit revocation to clients own tokens in strict mode