view mod_http_authentication/README.markdown @ 5149:fa56ed2bacab

mod_unified_push: Add support for multiple token backends, including stoage Now that we have ACLs by default, it is no longer necessary to be completely stateless. On 0.12, using storage has benefits over JWT, because it does not expose client JIDs to the push apps/services. In trunk, PASETO is stateless and does not expose client JIDs.
author Matthew Wild <mwild1@gmail.com>
date Sat, 14 Jan 2023 14:31:37 +0000
parents b19d64dd4c66
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: Enforces HTTP Basic authentication across all HTTP endpoints served by Prosody
...

# mod_http_authentication

This module enforces HTTP Basic authentication across all HTTP endpoints served by Prosody.

## Configuration

  Name                               Default                           Description
  ---------------------------------- --------------------------------- --------------------------------------------------------------------------------------------------------------------------------------
  http\_credentials                  "minddistrict:secretpassword"     The credentials that HTTP clients must provide to access the HTTP interface. Should be a string with the syntax "username:password".
  unauthenticated\_http\_endpoints   { "/http-bind", "/http-bind/" }   A list of paths that should be excluded from authentication.

## Usage

This is a global module, so should be added to the global `modules_enabled` option in your config file. It applies to all HTTP virtual hosts.

## Compatibility

The module use a new API in Prosody 0.10 and will not work with older
versions.

## Details

By Kim Alvefur \<zash@zash.se\>