Mercurial > prosody-modules
annotate mod_http_auth_check/README.markdown @ 5511:0860497152af
mod_http_oauth2: Record hash of client_id to allow future verification
RFC 6819 section 5.2.2.2 states that refresh tokens MUST be bound to the
client. In order to do that, we must record something that can
definitely tie the client to the grant. Since the full client_id is so
large (why we have this client_subset function), a hash is stored
instead.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 02 Jun 2023 10:14:16 +0200 |
| parents | c4db126a9f04 |
| children |
| rev | line source |
|---|---|
|
2884
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
1 --- |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
2 labels: |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
3 summary: 'Test account credentials using HTTP' |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
4 ... |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
5 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
6 Introduction |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
7 ------------ |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
8 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
9 This module lets you test whether a set of credentials are valid, |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
10 using Prosody's configured authentication mechanism. |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
11 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
12 This is useful as an easy way to allow other (e.g. non-XMPP) applications |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
13 to authenticate users using their XMPP credentials. |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
14 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
15 Syntax |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
16 ------ |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
17 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
18 To test credentials, issue a simple GET request with HTTP basic auth: |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
19 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
20 GET /auth_check HTTP/1.1 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
21 Authorization: Basic <base64(jid:password)> |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
22 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
23 Prosody will return a 2xx code on success (user exists and credentials are |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
24 correct), or 401 if the credentials are invalid. Any other code may be returned |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
25 if there is a problem handling the request. |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
26 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
27 ### Example usage |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
28 |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
29 Here follows some example usage using `curl`. |
|
16e9f37b3f82
mod_http_auth_check: New HTTP module to test user credentials
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
diff
changeset
|
30 |
|
3448
c4db126a9f04
Fix http_auth_check example in README
Nicolas Cedilnik <nicoco@nicoco.fr>
parents:
2884
diff
changeset
|
31 curl http://prosody.local:5280/auth_check -u user@example.com:secr1t |