File

mod_http_auth_check/README.markdown @ 4299:8006da2cf44c

For deployments that have https://hg.prosody.im/trunk/file/tip/plugins/muc/register.lib.lua#l7 and use https://modules.prosody.im/mod_muc_http_auth.html users can still register to a MUC even if they are not allowed to join. That means they would receive RAI or RMN, for instance.
author Seve Ferrer <seve@delape.net>
date Tue, 15 Dec 2020 11:26:29 +0100
parent 3448:c4db126a9f04
line wrap: on
line source

---
labels:
summary: 'Test account credentials using HTTP'
...

Introduction
------------

This module lets you test whether a set of credentials are valid,
using Prosody's configured authentication mechanism.

This is useful as an easy way to allow other (e.g. non-XMPP) applications
to authenticate users using their XMPP credentials.

Syntax
------

To test credentials, issue a simple GET request with HTTP basic auth:

    GET /auth_check HTTP/1.1
    Authorization: Basic <base64(jid:password)>

Prosody will return a 2xx code on success (user exists and credentials are
correct), or 401 if the credentials are invalid. Any other code may be returned
if there is a problem handling the request.

### Example usage

Here follows some example usage using `curl`.

    curl http://prosody.local:5280/auth_check -u user@example.com:secr1t