Auth backend with hooks

[pouriya]

Hi. I want to implement OpenID backend and I was thinking of implementing it as a gen_mod module not ejabberd_auth_* module. I implemented a HTTP authentication backend (ejabberd_auth_http) before and I had to change ejabberd_option to support my own options too. Why we do not have an authentication backend (like ejabberd_auth_hook) that runs hooks in its callbacks? For example:

-module(ejabberd_auth_hook).
-behaviour(ejabberd_auth).
-author('it will be my name if you accept a pr for it').

-export(
    [
        % ...
    ]
).

%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
start(Host) ->
    % use run_fold because callbacks can return {stop, {error, TheirError}} if they want to stop everything
    case ejabberd_hooks:run_fold(auth_start, Host, ok, [Host]) of 
        ok ->
            ok;
        {error, Reason} ->
            % let other callbacks clean their things
            stop(Host, Reason) 
    end.

stop(Host) ->
    stop(Host, normal).

stop(Host, Reason) ->
    ejabberd_hooks:run(auth_stop, Host, [Reason, Host]).

plain_password_required(Server) ->
    ejabberd_hooks:run_fold(auth_plain_password_required, Server, false, [Server]).

store_type(Server) ->
    ejabberd_hooks:run_fold(auth_store_type, Server, ejabberd_auth:password_format(Server), [Server]).

% And so on ...

[badlop]

Let's see if I understood it, because initially it looks like a cool idea. Right now there are two ways to add a new auth method to ejabberd:

A) write an extauth script. No way to configure options inside that script in ejabberd

auth_method: [external]
extauth_program: /etc/ejabberd/JabberAuth.class.php

B) write an ejabberd_auth. If it has options, they must be defined in ejabberd upstream...

auth_method: http
auth_opts:
  host: "http://localhost:12000"
  connection_pool_size: 10
  connection_opts: []
  basic_auth: ""
  path_prefix: "/"

C) your idea is a small ejabberd_auth_hook that acts as a "frontend" running hooks. Modules can be installed, configured, started... without touching ejabberd upstream code.

auth_method: hook

modules:
  mod_auth_http:
    host: "http://localhost:12000"
    connection_pool_size: 10
    connection_opts: []

When having several vhosts, each one with a different authhook module

hosts:
  - one.example.org
  - two.example.org

modules:
  ...

append_host_config:
  one.example.org:
    modules:
      mod_auth_http:
        host: "http://localhost:12000"
        connection_pool_size: 10
  two.example.org:
    modules:
      mod_auth_openid:
        url: "https://openid:1234"
        api_version: "5.1"

I guess it's worth checking.

In fact, as ejabberd_auth_hook doesn't need any option, in theory it doesn't need any change in ejabberd upstream, so it can be placed in ejabberd-contrib

[pouriya]

fair enough.