How to Use Custom HTTP Auth Module in Prosody

Written by: Bagus Facsi Aginsa
Published at: 17 Apr 2020

This guide is to show you how to use mod_auth_custom_http in prosody.

Download extension

You can download the latest version of the module here: Place the module in /usr/lib/prosody/modules/

Edit Module

Change this one line (local postdata) on module mod_auth_custom_http.lua

local getpass_authentication_profile = {
	plain_test = function(sasl, username, password, realm)
		--local postdata = json.encode({ username = username, password = password });
		local postdata = "username="..username.."&password="..password;
		local result = http.request(post_url, postdata);
		return result == "true", true;
        return new_sasl(, getpass_authentication_profile);

This module is not sending application/json header, but application/x-www-form-urlencoded. So your api should be ready to handle that request. There are 2 parameter inside the api request that is ‘username’ & ‘password’.

Edit Your Prosody Config FIle

nano /etc/prosody/conf.d/<domain>.cfg.lua

Add / Edit some line here:

consider_bosh_secure = true
consider_websocket_secure = true

VirtualHost "<>"
        authentication = "custom_http"
        auth_custom_http = { post_url = "http://<the api url>"; }

Important! This prosody module doesn’t support https post_url.