Comparison

mod_auth_http/README.markdown @ 4157:93b12bfd7aa8

mod_auth_http: Yet another module to authenticate against a HTTP service
author Matthew Wild <mwild1@gmail.com>
date Wed, 30 Sep 2020 13:20:11 +0100
child 4158:df1e0465ff81
comparison
equal deleted inserted replaced
4156:b79904446d9e 4157:93b12bfd7aa8
1 ---
2 labels:
3 - Stage-Alpha
4 summary: "Authenticate users against an external HTTP API"
5 ...
6
7 # Overview
8
9 This authentication module allows Prosody to authenticate users against
10 an external HTTP service.
11
12 # Configuration
13
14 ``` lua
15 VirtualHost "example.com"
16 authentication = "http"
17 http_auth_url = "http://example.com/auth"
18 ```
19
20 If the API requires Prosody to authenticate, you can provide static
21 credentials using HTTP Basic authentication, like so:
22
23 ```
24 http_auth_credentials = "prosody:secret-password"
25 ```
26
27 # Developers
28
29 This
30
31 ## Protocol
32
33 Prosody will make a HTTP request to the configured API URL with an
34 appended `/METHOD` where `METHOD` is one of the methods described below.
35
36 GET methods must expect a series of URL-encoded query parameters, while
37 POST requests will receive an URL-encoded form (i.e.
38 `application/x-www-form-urlencoded`).
39
40 ## Parameters
41
42 user
43 : The username, e.g. `stephanie` for the JID `stephanie@example.com`.
44
45 server
46 : The host part of the user's JID, e.g. `example.com` for the JID
47 `stephanie@example.com`.
48
49 pass
50 : For methods that verify or set a user's password, the password will
51 be supplied in this parameter, otherwise it is not set.
52
53 ## Methods
54
55 The only mandatory methods that the service must implement are `check_password`
56 and `user_exists`. Unsupported methods should return a HTTP status code
57 of `501 Not Implemented`, but other error codes will also be handled by
58 Prosody.
59
60 ### register
61
62 **HTTP method:**
63 : POST
64
65 **Success codes:**
66 : 201
67
68 **Error codes:**
69 : 409 (user exists)
70
71 ### check_password
72
73 **HTTP method:**
74 : GET
75
76 **Success codes:**
77 : 200
78
79 **Response:**
80 : A text string of `true` if the user exists, or `false` otherwise.
81
82 ### user_exists
83
84 **HTTP method:**
85 : GET
86
87 **Success codes:**
88 : 200
89
90 **Response:**
91 : A text string of `true` if the user exists, or `false` otherwise.
92
93 ### set_password
94
95 **HTTP method:**
96 : POST
97
98 **Success codes:**
99 : 200, 201, or 204
100
101 ### remove_user
102
103 **HTTP method:**
104 : POST
105
106 **Success codes:**
107 : 200, 201 or 204
108
109 ## Examples
110
111 With the following configuration:
112
113 ```
114 authentication = "http"
115 http_auth_url = "https://auth.example.net/api"
116
117 If a user connects and tries to log in to Prosody as "romeo@example.net"
118 with the password "iheartjuliet", Prosody would make the following HTTP
119 request:
120
121 ```
122 https://auth.example.net/api/check_password?user=romeo&server=example.net&pass=iheartjuliet
123 ```
124
125 # Compatibility
126
127 Requires Prosody 0.11.0 or later.