Diff

mod_auth_http/README.markdown @ 4157:93b12bfd7aa8

mod_auth_http: Yet another module to authenticate against a HTTP service
author Matthew Wild <mwild1@gmail.com>
date Wed, 30 Sep 2020 13:20:11 +0100
child 4158:df1e0465ff81
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_auth_http/README.markdown	Wed Sep 30 13:20:11 2020 +0100
@@ -0,0 +1,127 @@
+---
+labels:
+- Stage-Alpha
+summary: "Authenticate users against an external HTTP API"
+...
+
+# Overview
+
+This authentication module allows Prosody to authenticate users against
+an external HTTP service.
+
+# Configuration
+
+``` lua
+VirtualHost "example.com"
+  authentication = "http"
+  http_auth_url = "http://example.com/auth"
+```
+
+If the API requires Prosody to authenticate, you can provide static
+credentials using HTTP Basic authentication, like so:
+
+```
+http_auth_credentials = "prosody:secret-password"
+```
+
+# Developers
+
+This 
+
+## Protocol
+
+Prosody will make a HTTP request to the configured API URL with an
+appended `/METHOD` where `METHOD` is one of the methods described below.
+
+GET methods must expect a series of URL-encoded query parameters, while
+POST requests will receive an URL-encoded form (i.e.
+`application/x-www-form-urlencoded`).
+
+## Parameters
+
+user
+: The username, e.g. `stephanie` for the JID `stephanie@example.com`.
+
+server
+: The host part of the user's JID, e.g. `example.com` for the JID
+  `stephanie@example.com`.
+
+pass
+: For methods that verify or set a user's password, the password will
+  be supplied in this parameter, otherwise it is not set.
+
+## Methods
+
+The only mandatory methods that the service must implement are `check_password`
+and `user_exists`. Unsupported methods should return a HTTP status code
+of `501 Not Implemented`, but other error codes will also be handled by
+Prosody.
+
+### register
+
+**HTTP method:**
+: POST
+
+**Success codes:**
+: 201
+
+**Error codes:**
+: 409 (user exists)
+
+### check_password
+
+**HTTP method:**
+: GET
+
+**Success codes:**
+: 200
+
+**Response:**
+: A text string of `true` if the user exists, or `false` otherwise.
+
+### user_exists
+
+**HTTP method:**
+: GET
+
+**Success codes:**
+: 200
+
+**Response:**
+: A text string of `true` if the user exists, or `false` otherwise.
+
+### set_password
+
+**HTTP method:**
+: POST
+
+**Success codes:**
+: 200, 201, or 204
+
+### remove_user
+
+**HTTP method:**
+: POST
+
+**Success codes:**
+: 200, 201 or 204
+
+## Examples
+
+With the following configuration:
+
+```
+authentication = "http"
+http_auth_url = "https://auth.example.net/api"
+
+If a user connects and tries to log in to Prosody as "romeo@example.net"
+with the password "iheartjuliet", Prosody would make the following HTTP
+request:
+
+```
+https://auth.example.net/api/check_password?user=romeo&server=example.net&pass=iheartjuliet
+```
+
+# Compatibility
+
+Requires Prosody 0.11.0 or later.