search

adamvduke / mod_interact

A module to forward certain ejabberd notifications to an arbitrary url
89 stars 30 forks source link

Which auth_token should use? #11

Closed yashwanthbabu closed 8 years ago

yashwanthbabu commented 9 years ago

Hi @adamvduke , I am using this module for the offline user messages stuff. I am confused with the auth_token. Which auth_token should I use for this? Should I use it from Prowl or it is from the api which I use?

vkrm26 commented 8 years ago

Hi yashwanthbabu, Are you able to resolve what is auth_token over here?

adamvduke commented 8 years ago

The module was originally designed with the thought that it posts to some webhook at some URL, and that webhook is minimally protected from abuse by requiring a parameter named 'auth_token'.

For instance, if the module is configured with the auth_token this-is-a-secret then it makes a request to http://localhost/my-web-hook?auth_token=this-is-a-secret, and the webhook should verify that the auth_token parameter for incoming requests is this-is-a-secret. It is a shared secret between the ejabberd config and the server receiving the webhooks.