---
labels:
- Stage-Alpha
...

Introduction
============

This is an experimental authentication module that does an asynchronous
HTTP call to verify username and password.

This is a (possibly temporary) fork of mod_http_auth_async that adds
support for authentication using a cookie and SASL EXTERNAL.

Details
=======

When a user attempts to authenticate to Prosody, this module takes the
username and password and does an HTTP GET request with [Basic
authentication][rfc7617] to the configured `http_auth_url`.

Configuration
=============

``` lua
VirtualHost "example.com"
    authentication = "http_auth_cookie"
    -- Basic authentication sends the password base64-encoded, not encrypted;
    -- an http:// URL exposes it on the network path to the auth service.
    http_auth_url = "http://example.com/auth"
    http_cookie_auth_url = "https://example.com/testcookie.php?user=$user"
```

Cookie Authentication
=====================

It is possible to link authentication to an existing web application. This
has the benefit that a user who logs into the web application in their
browser is automatically logged into their XMPP account.

There are some prerequisites for this to work:

  - The BOSH or WebSocket requests must include the application's cookie in
    the headers sent to Prosody. This typically means the web chat code needs
    to be served from the same domain as the web application.

  - The web application must have a URL that returns 200 OK when called with
    a valid cookie, and returns a different status code if the cookie is invalid
    or the user is not currently logged in.

  - The XMPP username for the user must be passed to Prosody by the client, or
    returned in the 200 response from the web application.

Set `http_cookie_auth_url` to the web application URL that is used to check the
cookie. You may use the variables `$host` for the XMPP host and `$user` for the
XMPP username.

If the `$user` variable is included in the URL, the client must provide the username
via the "authzid" in the SASL EXTERNAL authentication mechanism.

If the `$user` variable is *not* included in the URL, Prosody expects the web
application's response to be the username instead, as UTF-8 text/plain.

Compatibility
=============

Requires Prosody trunk.
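
The cookie-check URL described under "Cookie Authentication" could be implemented on the web application side as below. This is an added example, not code from this module or from Prosody; the cookie name `sessionid`, the in-memory `SESSIONS` store, the `user` query parameter handling, the empty body in `$user` mode and the 401/403 status codes are assumptions. It covers both modes and, in `$user` mode, rejects a valid cookie presented with someone else's username, since that name is supplied by the client.

```python
from http.cookies import CookieError, SimpleCookie
from urllib.parse import parse_qs

# Constructed sample data: session id -> XMPP username (localpart).
SESSIONS = {"c0ffee-constructed-session-id": "alice"}
COOKIE_NAME = "sessionid"  # assumed name of the web application's cookie


def session_user(cookie_header):
    """Return the username bound to the session cookie, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:  # malformed Cookie header
        return None
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)


def check_cookie(cookie_header, query_string=""):
    """Return (status, body) for one cookie-check request."""
    user = session_user(cookie_header)
    if user is None:
        return "401 Unauthorized", b""
    # keep_blank_values: an empty "user=" is a claim that must fail, not "no claim".
    claimed = parse_qs(query_string, keep_blank_values=True).get("user")
    if claimed is not None:
        # $user mode: the name comes from the client (SASL EXTERNAL authzid),
        # so it must equal the session owner, not merely accompany a valid cookie.
        if claimed != [user]:
            return "403 Forbidden", b""
        return "200 OK", b""
    # No $user in the URL: the response body is the username, UTF-8 text/plain.
    return "200 OK", user.encode("utf-8")


def app(environ, start_response):
    """WSGI entry point wrapping check_cookie()."""
    status, body = check_cookie(environ.get("HTTP_COOKIE"),
                                environ.get("QUERY_STRING", ""))
    start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(body)))])
    return [body]
```
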