Software /
code /
prosody-modules
File
mod_auth_custom_http/README.markdown @ 5210:898575a0c6f3
mod_http_oauth2: Switch to '303 See Other' redirects
This is the recommendation by draft-ietf-oauth-v2-1-07 section 7.5.2. It is
the only redirect code that guarantees the user agent will use a GET request,
rather than re-submitting a POST request to the new URL.
The latter would be bad for us, as we are encoding auth tokens in the form
data.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 06 Mar 2023 10:37:43 +0000 (22 months ago) |
parent | 2868:f90cf59bee8e |
line wrap: on
line source
--- summary: HTTP Authentication using custom JSON protocol ... Introduction ============ To authenticate users, this module does a `POST` request to a configured URL with a JSON payload. It is not async so requests block the server until answered. Configuration ============= ``` lua VirtualHost "example.com" authentication = "custom_http" auth_custom_http = { post_url = "http://api.example.com/auth"; } ``` Protocol ======== The JSON payload consists of an object with `username` and `password` members: {"username":"john","password":"secr1t"} The module expects the response body to be exactly `true` if the username and password are correct.