view mod_auth_custom_http/README.md @ 6289:9b03238d4e0e

mod_http_oauth2: Only issue id_token when granted openid scope OpenID Connect Core 1.0 states that OIDC is only being done if the "openid" scope is included. https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1 Less details given out by default is good for privacy and byte count.
author Kim Alvefur <zash@zash.se>
date Tue, 15 Jul 2025 01:46:38 +0200
parents fe081789f7b5
children
line wrap: on
line source

---
summary: HTTP Authentication using custom JSON protocol
...

Introduction
============

To authenticate users, this module does a `POST` request to a configured
URL with a JSON payload. It is not async so requests block the server
until answered.

Configuration
=============

``` lua
VirtualHost "example.com"
authentication = "custom_http"
auth_custom_http = {
  post_url = "http://api.example.com/auth";
}
```

Protocol
========

The JSON payload consists of an object with `username` and `password`
members:

    {"username":"john","password":"secr1t"}

The module expects the response body to be exactly `true` if the
username and password are correct.