Mercurial > prosody-modules
view mod_auth_custom_http/README.markdown @ 5407:149634647b48
mod_http_oauth2: Don't issue client_secret when not using authentication
This is pretty much only for implicit flow, which is considered insecure
anyway, so this is of limited value. If we delete all the implicit flow
code, this could be reverted.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:39:32 +0200 |
parents | f90cf59bee8e |
children |
line wrap: on
line source
--- summary: HTTP Authentication using custom JSON protocol ... Introduction ============ To authenticate users, this module does a `POST` request to a configured URL with a JSON payload. It is not async so requests block the server until answered. Configuration ============= ``` lua VirtualHost "example.com" authentication = "custom_http" auth_custom_http = { post_url = "http://api.example.com/auth"; } ``` Protocol ======== The JSON payload consists of an object with `username` and `password` members: {"username":"john","password":"secr1t"} The module expects the response body to be exactly `true` if the username and password are correct.