Comparison

mod_auth_http_cookie/README.markdown @ 3037:bae7b0a002ef

mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support
author Matthew Wild <mwild1@gmail.com>
date Thu, 24 May 2018 13:25:13 +0100
comparison
equal deleted inserted replaced
3036:f7ebf8fcd602 3037:bae7b0a002ef
1 ---
2 labels:
3 - Stage-Alpha
4 ...
5
6 Introduction
7 ============
8
9 This is an experimental authentication module that does an asynchronous
10 HTTP call to verify username and password.
11
12 This is a (possibly temporary) fork of mod_http_auth_async that adds
13 support for authentication using a cookie and SASL EXTERNAL.
14
15 Details
16 =======
17
18 When a user attempts to authenticate to Prosody, this module takes the
19 username and password and does a HTTP GET request with [Basic
20 authentication][rfc7617] to the configured `http_auth_url`.
21
22 Configuration
23 =============
24
25 ``` lua
26 VirtualHost "example.com"
27 authentication = "http_auth_cookie"
28 http_auth_url = "http://example.com/auth"
29 http_cookie_auth_url = "https://example.com/testcookie.php?user=$user"
30 ```
31
32 Cookie Authentication
33 =====================
34
35 It is possible to link authentication to an existing web application. This
36 has the benefit that the user logging into the web application in their
37 browser will automatically log them into their XMPP account.
38
39 There are some prerequisites for this to work:
40
41 - The BOSH or Websocket requests must include the application's cookie in
42 the headers sent to Prosody. This typically means the web chat code needs
43 to be served from the same domain as the web application.
44
45 - The web application must have a URL that returns 200 OK when called with
46 a valid cookie, and returns a different status code if the cookie is invalid
47 or not currently logged in.
48
49 - The XMPP username for the user must be passed to Prosody by the client, or
50 returned in the 200 response from the web application.
51
52 Set `http_cookie_auth_url` to the web application URL that is used to check the
53 cookie. You may use the variables `$host` for the XMPP host and `$user` for the
54 XMPP username.
55
56 If the `$user` variable is included in the URL, the client must provide the username
57 via the "authzid" in the SASL EXTERNAL authentication mechanism.
58
59 If the `$user` variable is *not* included in the URL, Prosody expects the web application's response to be the username instead, as UTF-8 text/plain.
60
61 Compatibility
62 =============
63
64 Requires Prosody trunk