Changeset

6272:ed6fa901cf94

mod_rest: Enable HTTP Basic authentication for Components. Not sure if mod_http_oauth2 still works for components.
author Kim Alvefur <zash@zash.se>
date Sat, 31 May 2025 16:59:35 +0200
parents 6271:b63202d66238
children 6273:8ceedc336d0d 6280:4b52d579bc70
files mod_rest/README.md mod_rest/mod_rest.lua
diffstat 2 files changed, 9 insertions(+), 4 deletions(-) [+]
--- a/mod_rest/README.md	Sat May 31 16:07:29 2025 +0200
+++ b/mod_rest/README.md	Sat May 31 16:59:35 2025 +0200
@@ -37,13 +37,11 @@
 
 ## As a Component
 
-If you install this as a component, you won't be able to use user authentication above,
-and must use OAuth2 authentication outlined below.
+If you install this as a component, the HTTP Basic credentials are the components base JID along with its secret.
 
 ``` {.lua}
 Component "chat.example.com" "rest"
 component_secret = "dmVyeSBzZWNyZXQgdG9rZW4K"
-modules_enabled = {"http_oauth2"}
 ```
 
 ## User authentication
--- a/mod_rest/mod_rest.lua	Sat May 31 16:07:29 2025 +0200
+++ b/mod_rest/mod_rest.lua	Sat May 31 16:59:35 2025 +0200
@@ -64,7 +64,7 @@
 		return nil, post_errors.new("noauthz", { request = request });
 	end
 
-	if auth_type == "basic" then
+	if auth_type == "basic" and module:get_host_type() == "local" then
 		local creds = base64.decode(auth_data);
 		if not creds then
 			return nil, post_errors.new("malformauthz", { request = request });
@@ -81,6 +81,13 @@
 			return false, post_errors.new("unauthz", { request = request });
 		end
 		return { username = username; host = module.host };
+	elseif auth_type == "basic" and module:get_host_type() == "component" then
+		local component_secret = module:get_option_string("component_secret");
+		local creds = base64.decode(auth_data);
+		if creds ~= module.host .. ":" .. component_secret then
+			return nil, post_errors.new("malformauthz", { request = request });
+		end
+		return { host = module.host };
 	elseif auth_type == "bearer" then
 		if tokens.get_token_session then
 			local token_session, err = tokens.get_token_session(auth_data);
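Review bot: In the new component branch, `module.host .. ":" .. component_secret` raises a Lua error when `component_secret` is not configured, since `get_option_string` can return nil, so an unauthenticated request would hit an error path instead of a clean rejection; the branch should fail closed when no secret is set. A wrong secret is also answered with `nil` and `malformauthz`, whereas the user branch just above returns `false` and `unauthz` for bad credentials, so a failed login is indistinguishable from a malformed header (the caller is outside the hunk, so the effect of `nil` versus `false` there should be confirmed). Comparing the secret with `~=` is not a constant-time check; in the fence `secure_equals` stands for `require "util.hashes".equals`, which would have to be brought into scope in this file. The enclosing function starts and ends outside the hunk.

```lua
	elseif auth_type == "basic" and module:get_host_type() == "component" then
		local component_secret = module:get_option_string("component_secret");
		local creds = base64.decode(auth_data);
		if not creds then
			return nil, post_errors.new("malformauthz", { request = request });
		end
		-- Fail closed when no secret is configured; never concatenate a nil secret.
		if not component_secret or not secure_equals(creds, module.host .. ":" .. component_secret) then
			return false, post_errors.new("unauthz", { request = request });
		end
		-- … unchanged: return { host = module.host } and the bearer branch …
```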