grim/prosody_mod_auth_jetbrains_hub

Lots of cleanups including group checking that actually works
draft
2021-02-11, Gary Kramlich
d3192c27e286
Lots of cleanups including group checking that actually works
---
labels:
- Stage-Alpha
...
# Introduction
This is an experimental authentication modules that connects Prosody to
[JetBrains Hub](https://www.jetbrains.com/hub/).
# Details
When a user attempts to authenticate to Prosody, this module will ask Hub if
their credentials are correct and optionally if they are allowed to access
Prosody.
# Prerequisites
To get this up and running you're going to need to get Hub itself up and
running. Documentation for installation can be found
[here](https://www.jetbrains.com/help/hub/installation-and-upgrade.html).
Once your Hub installation is up and running we need to create a new service
in Hub that will allows us to query it. To start you'll need to access the
services page of your Hub instance. If you Hub is running on `hub.example.com`
you can find it at `https://hub.example.com/hub/services`.
Once you're on the services page, go ahead and click `New service...`. You
really only need to set a name for this service, but adding a `Home URL` will
make it so people can access it from the Hub interface. But that's really only
necessary if you have some HTTP setup in your Prosody install.
Once you've created the service all we need to talk to it is the `ID` of the
client and it's secret. When the service is created it has a random secret
that isn't shown, so go ahead and click the `Change...` button next to
`Secret`. Please note, that this is the only time that Hub will show the
secret, so be sure to store it.
Now that the service is configured in Hub we can go ahead and configure the
Prosody module to talk to it.
# Configuration
``` lua
VirtualHost "example.com"
authentication = "jetbrains_hub"
jetbrains_hub_url = "https://hub.example.com/hub"
jetbrains_hub_scopes = "0-0-0-0-0"
jetbrains_hub_client_id = "Client ID"
jetbrains_hub_client_secret = "Client Secret Key"
jetbrains_hub_groups = {}
```
`jetbrains_hub_url` is the url to the root of your Hub installation. In the
example above, hub is running on HTTPS at `hub.example.com` with it's normal
path of `/hub`.
`jetbrains_hub_scopes` is the ID of the Hub service itself. In my experience
this is always `0-0-0-0-0` but you can double check by going to
`https://hub.example.com/hub/services/jetbrains-hub-service`. You want the
value from the `ID` field.
`jetbrains_hub_client_id` and `hub_client_secret` are the values for the
service ID and secret that were created in the prerequisites section.
`jetbrains_hub_groups` is a table of hub group names that are allowed to access
the server. If no groups are given any user that exists in hub will be allowed
to access Prosody.
# Compatibility
Requires Prosody trunk.