Matthew Wild feabed6565 Register as an OAuth client and authenticate token requests ...

mod_http_oauth2 in prosody-modules was updated to require client
authentication for the password grant, which previously did not need
client authentication.

This means that the first request we make to Prosody will now register as a
client in order to obtain client_id and client_secret.

There is no real security gain from this approach (unlike other grant types,
the password grant does not do redirects which could be intercepted). In the
future, however, some security could be gained by having Prosody restrict
the ability to use the password grant to privileged OAuth clients. This would
prevent third-party OAuth clients from using the password grant which is not
suitable for that purpose.

2025-06-02 11:36:08 +01:00

..

scss

Add 'share' button for browsers supporting Web Share API

2024-04-30 10:48:51 +01:00

static

Serve localized Google Play badges locally

2025-04-12 20:23:10 +02:00

templates

Serve localized Google Play badges locally

2025-04-12 20:23:10 +02:00

translations

Serve localized Google Play badges locally

2025-04-12 20:23:10 +02:00

__init__.py

Explicitly set cookie SameSite attribute to Lax

2024-04-29 11:18:55 +01:00

_version.py

Automatically determine version from build info or git

2021-05-31 11:20:39 +01:00

admin.py

Support for optional text notes on invitations

2024-04-29 18:39:06 +01:00

colour.py

…

infra.py

infra: Fix string to use correct translation function name

2023-12-14 12:43:52 +00:00

invite.py

Serve localized Google Play badges locally

2025-04-12 20:23:10 +02:00

main.py

Add policy URLs and contact addresses for instances in the relevant places

2023-10-25 16:18:12 +01:00

prosodyclient.py

Register as an OAuth client and authenticate token requests

2025-06-02 11:36:08 +01:00

user.py

fixup: please flake8

2024-08-11 16:34:06 +02:00

xmpputil.py

Bump quart to version 0.17

2022-05-30 17:37:54 +02:00