Software /
code /
prosody-modules
Comparison
mod_auth_http/README.markdown @ 4157:93b12bfd7aa8
mod_auth_http: Yet another module to authenticate against a HTTP service
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 30 Sep 2020 13:20:11 +0100 |
child | 4158:df1e0465ff81 |
comparison
equal
deleted
inserted
replaced
4156:b79904446d9e | 4157:93b12bfd7aa8 |
---|---|
1 --- | |
2 labels: | |
3 - Stage-Alpha | |
4 summary: "Authenticate users against an external HTTP API" | |
5 ... | |
6 | |
7 # Overview | |
8 | |
9 This authentication module allows Prosody to authenticate users against | |
10 an external HTTP service. | |
11 | |
12 # Configuration | |
13 | |
14 ``` lua | |
15 VirtualHost "example.com" | |
16 authentication = "http" | |
17 http_auth_url = "http://example.com/auth" | |
18 ``` | |
19 | |
20 If the API requires Prosody to authenticate, you can provide static | |
21 credentials using HTTP Basic authentication, like so: | |
22 | |
23 ``` | |
24 http_auth_credentials = "prosody:secret-password" | |
25 ``` | |
26 | |
27 # Developers | |
28 | |
29 This | |
30 | |
31 ## Protocol | |
32 | |
33 Prosody will make a HTTP request to the configured API URL with an | |
34 appended `/METHOD` where `METHOD` is one of the methods described below. | |
35 | |
36 GET methods must expect a series of URL-encoded query parameters, while | |
37 POST requests will receive an URL-encoded form (i.e. | |
38 `application/x-www-form-urlencoded`). | |
39 | |
40 ## Parameters | |
41 | |
42 user | |
43 : The username, e.g. `stephanie` for the JID `stephanie@example.com`. | |
44 | |
45 server | |
46 : The host part of the user's JID, e.g. `example.com` for the JID | |
47 `stephanie@example.com`. | |
48 | |
49 pass | |
50 : For methods that verify or set a user's password, the password will | |
51 be supplied in this parameter, otherwise it is not set. | |
52 | |
53 ## Methods | |
54 | |
55 The only mandatory methods that the service must implement are `check_password` | |
56 and `user_exists`. Unsupported methods should return a HTTP status code | |
57 of `501 Not Implemented`, but other error codes will also be handled by | |
58 Prosody. | |
59 | |
60 ### register | |
61 | |
62 **HTTP method:** | |
63 : POST | |
64 | |
65 **Success codes:** | |
66 : 201 | |
67 | |
68 **Error codes:** | |
69 : 409 (user exists) | |
70 | |
71 ### check_password | |
72 | |
73 **HTTP method:** | |
74 : GET | |
75 | |
76 **Success codes:** | |
77 : 200 | |
78 | |
79 **Response:** | |
80 : A text string of `true` if the user exists, or `false` otherwise. | |
81 | |
82 ### user_exists | |
83 | |
84 **HTTP method:** | |
85 : GET | |
86 | |
87 **Success codes:** | |
88 : 200 | |
89 | |
90 **Response:** | |
91 : A text string of `true` if the user exists, or `false` otherwise. | |
92 | |
93 ### set_password | |
94 | |
95 **HTTP method:** | |
96 : POST | |
97 | |
98 **Success codes:** | |
99 : 200, 201, or 204 | |
100 | |
101 ### remove_user | |
102 | |
103 **HTTP method:** | |
104 : POST | |
105 | |
106 **Success codes:** | |
107 : 200, 201 or 204 | |
108 | |
109 ## Examples | |
110 | |
111 With the following configuration: | |
112 | |
113 ``` | |
114 authentication = "http" | |
115 http_auth_url = "https://auth.example.net/api" | |
116 | |
117 If a user connects and tries to log in to Prosody as "romeo@example.net" | |
118 with the password "iheartjuliet", Prosody would make the following HTTP | |
119 request: | |
120 | |
121 ``` | |
122 https://auth.example.net/api/check_password?user=romeo&server=example.net&pass=iheartjuliet | |
123 ``` | |
124 | |
125 # Compatibility | |
126 | |
127 Requires Prosody 0.11.0 or later. |