Commit

Merge pull request #4354 from esl/documentation-update
Updating mod_keystore and mod_auth_token documentation
jacekwegr authored Aug 6, 2024
2 parents dc0e05a + 6dcbb46 commit 0f5700b
Showing 2 changed files with 11 additions and 1 deletion.
5 changes: 4 additions & 1 deletion doc/modules/mod_auth_token.md
Expand Up @@ -39,7 +39,7 @@ Validity period configuration for provision tokens happens outside the module si

### Required keys

To read more about the keys MongooseIM makes use of, please refer to [mod_keystore](mod_keystore.md) documentation.
To read more about the keys MongooseIM makes use of, please refer to [mod_keystore](mod_keystore.md) documentation, where you can find an example configuration when using `mod_auth_token`.

## Token types
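
Review bot: The replacement sentence under "Required keys" ends with "where you can find an example configuration when using `mod_auth_token`", which reads awkwardly and does not say which example on the mod_keystore page is meant. Suggest "..., which includes a minimal configuration for `mod_auth_token`", so the wording matches the "Minimal configuration supporting mod_auth_token" paragraph added to mod_keystore.md in this commit.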

Expand All @@ -49,19 +49,22 @@ Three token types are supported:
Access tokens can be used as a payload for the X-OAUTH authentication mechanism and grant access to the system.
Access tokens can't be revoked.
An access token is valid only until its expiry date is reached.
In mod_keystore, the keyname for this token type is `token_secret`.

- _refresh tokens_: These are longer lived tokens which are tracked by the server and therefore require persistent storage in a relational database.
Refresh tokens can be used as a payload for the X-OAUTH authentication mechanism and to grant access to the system.
Also they can result in a new set of tokens being returned upon successful authentication.
They can be revoked - if a refresh token hasn't been revoked, it is valid until it has expired.
On revocation, it immediately becomes invalid.
As the server stores information about granted tokens, it can also persistently mark them as revoked.
In mod_keystore, the keyname for this token type is `token_secret`.

- _provision tokens_: These tokens are generated by a service external to the server.
They grant the owner a permission to create an account.
A provision token may contain information which the server can use to provision the VCard for the newly created account.
Using a provision token to create an account (and inject VCard data) is done similarly to other token types, i.e. by passing it as payload for the X-OAUTH mechanism.
The XMPP server has no way of tracking and revoking provision tokens, as they come from an outside source.
In mod_keystore, the keyname for this token type is `provision_pre_shared`. The usage of this token type is optional.

## Token serialization format
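
Review bot: In the provision tokens bullet, "The usage of this token type is optional." does not say whether the `provision_pre_shared` key may be left out of the mod_keystore configuration when provision tokens are not used; state that explicitly and put it on its own line like the other sentences in this list. The identical `token_secret` sentence now appears under both the access and refresh bullets without saying that the two token types share one key, so a reader may wonder whether that is intended. `mod_keystore` is also written without backticks in all three added lines, while `mod_auth_token` has them in the line changed in the previous hunk.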

7 changes: 7 additions & 0 deletions doc/modules/mod_keystore.md
Expand Up @@ -75,3 +75,10 @@ for each virtual XMPP domain):
{name = "access_psk", type = "file", path = "priv/second_access_psk"},
{name = "provision_psk", type = "file", path = "priv/second_provision_psk"}]
```

Minimal configuration supporting mod_auth_token:

```toml
[modules.mod_keystore]
keys = [{name = "token_secret", type = "ram"}]
```
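
Review bot: The example labelled "Minimal configuration supporting mod_auth_token" defines only `token_secret`, while mod_auth_token.md in this same commit names `provision_pre_shared` as the key for provision tokens. Say that this configuration covers access and refresh tokens only and that provision tokens need a `provision_pre_shared` entry as well. A sentence on what `type = "ram"` implies for the key, compared with the `type = "file"` entries in the example just above, would help readers choose between them.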
