view mod_auth_http_async/README.md @ 6411:b00638d74f46

mod_unified_push: Allow additional CORS headers for unified push (fixes #1985) - Request header "TTL" is mandated by the HTTP Push specification RFC 8030: https://datatracker.ietf.org/doc/html/rfc8030#section-5 - Firefox sends "Content-Encoding" with a HTTP form submission, so it is required when using the Unified Push testing tool at https://unifiedpush.org/test_wp.html (with the full URL being delivered by the UP-Example Android app) Adding both headers makes the Unified Push testing tool work from the browser. Resolves: https://issues.prosody.im/1985
author Christian Weiske <cweiske@cweiske.de>
date Sat, 21 Feb 2026 19:13:08 +0100
parents 7b693a5539ad
children
line wrap: on
line source

---
labels:
- Stage-Alpha
...

Introduction
============

This is an authentication module that does an asynchronous
HTTP call to verify username and password.

Details
=======

When a user attempts to authenticate to Prosody, this module takes the
username and password and does a HTTP GET request with [Basic
authentication][rfc7617] to the configured `http_auth_url`.

Configuration
=============

After installing, enable the module by setting `authentication` to `"http_async"`.

The only setting is `http_auth_url` which should contain the URL endpoint where the authentication query is sent to. It can contain `$host` and
`$user` which are substituted for the current VirtualHost and the authenticating username, respectively.

``` lua
VirtualHost "example.com"
authentication = "http_async"
http_auth_url = "http://example.com/auth"
```

Compatibility
=============

Should work with Prosody 0.10.x and later.