Software /
code /
prosody-modules
File
mod_auth_http/README.markdown @ 4452:6086fcf20da8
mod_muc_http_defaults: Minor schema tweak
I think this makes more sense, after reading more about JSON Schema.
Single field can't more than one of these two anyways.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 20 Feb 2021 20:16:24 +0100 |
parent | 4158:df1e0465ff81 |
child | 4594:1da63fe35ef3 |
line wrap: on
line source
--- labels: - Stage-Alpha summary: "Authenticate users against an external HTTP API" ... # Overview This authentication module allows Prosody to authenticate users against an external HTTP service. # Configuration ``` lua VirtualHost "example.com" authentication = "http" http_auth_url = "http://example.com/auth" ``` If the API requires Prosody to authenticate, you can provide static credentials using HTTP Basic authentication, like so: ``` http_auth_credentials = "prosody:secret-password" ``` # Developers This section contains information for developers who wish to implement a HTTP service that Prosody can use for authentication. ## Protocol Prosody will make a HTTP request to the configured API URL with an appended `/METHOD` where `METHOD` is one of the methods described below. GET methods must expect a series of URL-encoded query parameters, while POST requests will receive an URL-encoded form (i.e. `application/x-www-form-urlencoded`). ## Parameters user : The username, e.g. `stephanie` for the JID `stephanie@example.com`. server : The host part of the user's JID, e.g. `example.com` for the JID `stephanie@example.com`. pass : For methods that verify or set a user's password, the password will be supplied in this parameter, otherwise it is not set. ## Methods The only mandatory methods that the service must implement are `check_password` and `user_exists`. Unsupported methods should return a HTTP status code of `501 Not Implemented`, but other error codes will also be handled by Prosody. ### register **HTTP method:** : POST **Success codes:** : 201 **Error codes:** : 409 (user exists) ### check_password **HTTP method:** : GET **Success codes:** : 200 **Response:** : A text string of `true` if the user exists, or `false` otherwise. ### user_exists **HTTP method:** : GET **Success codes:** : 200 **Response:** : A text string of `true` if the user exists, or `false` otherwise. ### set_password **HTTP method:** : POST **Success codes:** : 200, 201, or 204 ### remove_user **HTTP method:** : POST **Success codes:** : 200, 201 or 204 ## Examples With the following configuration: ``` authentication = "http" http_auth_url = "https://auth.example.net/api" If a user connects and tries to log in to Prosody as "romeo@example.net" with the password "iheartjuliet", Prosody would make the following HTTP request: ``` https://auth.example.net/api/check_password?user=romeo&server=example.net&pass=iheartjuliet ``` # Compatibility Requires Prosody 0.11.0 or later.