prosody-modules
aa4828f040c5
mod_auth_custom_http/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_custom_http/README.markdown @ 5447:aa4828f040c5

mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 19:33:44 +0200
parent 2868:f90cf59bee8e
line wrap: on
line source

---
summary: HTTP Authentication using custom JSON protocol
...

Introduction
============

To authenticate users, this module does a `POST` request to a configured
URL with a JSON payload. It is not async so requests block the server
until answered.

Configuration
=============

``` lua
VirtualHost "example.com"
authentication = "custom_http"
auth_custom_http = {
  post_url = "http://api.example.com/auth";
}
```

Protocol
========

The JSON payload consists of an object with `username` and `password`
members:

    {"username":"john","password":"secr1t"}

The module expects the response body to be exactly `true` if the
username and password are correct.