Mercurial > prosody-modules
comparison mod_auth_http_cookie/README.markdown @ 3037:bae7b0a002ef
mod_auth_http_cookie: Possibly temporary fork of mod_http_auth_async that adds cookie auth support
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 24 May 2018 13:25:13 +0100 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 3036:f7ebf8fcd602 | 3037:bae7b0a002ef |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - Stage-Alpha | |
| 4 ... | |
| 5 | |
| 6 Introduction | |
| 7 ============ | |
| 8 | |
| 9 This is an experimental authentication module that does an asynchronous | |
| 10 HTTP call to verify username and password. | |
| 11 | |
| 12 This is a (possibly temporary) fork of mod_http_auth_async that adds | |
| 13 support for authentication using a cookie and SASL EXTERNAL. | |
| 14 | |
| 15 Details | |
| 16 ======= | |
| 17 | |
| 18 When a user attempts to authenticate to Prosody, this module takes the | |
| 19 username and password and does a HTTP GET request with [Basic | |
| 20 authentication][rfc7617] to the configured `http_auth_url`. | |
| 21 | |
| 22 Configuration | |
| 23 ============= | |
| 24 | |
| 25 ``` lua | |
| 26 VirtualHost "example.com" | |
| 27 authentication = "http_auth_cookie" | |
| 28 http_auth_url = "http://example.com/auth" | |
| 29 http_cookie_auth_url = "https://example.com/testcookie.php?user=$user" | |
| 30 ``` | |
| 31 | |
| 32 Cookie Authentication | |
| 33 ===================== | |
| 34 | |
| 35 It is possible to link authentication to an existing web application. This | |
| 36 has the benefit that the user logging into the web application in their | |
| 37 browser will automatically log them into their XMPP account. | |
| 38 | |
| 39 There are some prerequisites for this to work: | |
| 40 | |
| 41 - The BOSH or Websocket requests must include the application's cookie in | |
| 42 the headers sent to Prosody. This typically means the web chat code needs | |
| 43 to be served from the same domain as the web application. | |
| 44 | |
| 45 - The web application must have a URL that returns 200 OK when called with | |
| 46 a valid cookie, and returns a different status code if the cookie is invalid | |
| 47 or not currently logged in. | |
| 48 | |
| 49 - The XMPP username for the user must be passed to Prosody by the client, or | |
| 50 returned in the 200 response from the web application. | |
| 51 | |
| 52 Set `http_cookie_auth_url` to the web application URL that is used to check the | |
| 53 cookie. You may use the variables `$host` for the XMPP host and `$user` for the | |
| 54 XMPP username. | |
| 55 | |
| 56 If the `$user` variable is included in the URL, the client must provide the username | |
| 57 via the "authzid" in the SASL EXTERNAL authentication mechanism. | |
| 58 | |
| 59 If the `$user` variable is *not* included in the URL, Prosody expects the web application's response to be the username instead, as UTF-8 text/plain. | |
| 60 | |
| 61 Compatibility | |
| 62 ============= | |
| 63 | |
| 64 Requires Prosody trunk |