Mercurial > prosody-modules
annotate mod_auth_custom_http/README.markdown @ 5448:9d542e86e19a
mod_http_oauth2: Allow requesting a subset of scopes on token refresh
This enables clients to request access tokens with fewer permissions
than the grant they were given, reducing impact of token leak. Clients
could e.g. request access tokens with some privileges and immediately
revoke them after use, or other strategies.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 11 May 2023 21:40:09 +0200 |
| parents | f90cf59bee8e |
| children |
| rev | line source |
|---|---|
| 1934 | 1 --- |
| 2 summary: HTTP Authentication using custom JSON protocol | |
| 3 ... | |
| 4 | |
| 5 Introduction | |
| 6 ============ | |
| 7 | |
| 8 To authenticate users, this module does a `POST` request to a configured | |
| 9 URL with a JSON payload. It is not async so requests block the server | |
| 10 until answered. | |
| 11 | |
| 12 Configuration | |
| 13 ============= | |
| 14 | |
| 15 ``` lua | |
| 16 VirtualHost "example.com" | |
| 17 authentication = "custom_http" | |
|
2868
f90cf59bee8e
mod_auth_custom_http: fix documentation config example
Senya <senya@kinetiksoft.com>
parents:
1934
diff
changeset
|
18 auth_custom_http = { |
|
f90cf59bee8e
mod_auth_custom_http: fix documentation config example
Senya <senya@kinetiksoft.com>
parents:
1934
diff
changeset
|
19 post_url = "http://api.example.com/auth"; |
|
f90cf59bee8e
mod_auth_custom_http: fix documentation config example
Senya <senya@kinetiksoft.com>
parents:
1934
diff
changeset
|
20 } |
| 1934 | 21 ``` |
| 22 | |
| 23 Protocol | |
| 24 ======== | |
| 25 | |
| 26 The JSON payload consists of an object with `username` and `password` | |
| 27 members: | |
| 28 | |
| 29 {"username":"john","password":"secr1t"} | |
| 30 | |
| 31 The module expects the response body to be exactly `true` if the | |
| 32 username and password are correct. |