What steps will reproduce the problem? 1. Create a component with mod_rest like mentioned in the docs. 2. Try to authenticate with basic auth with the example curl command What is the expected output? A message should be sent to the recipient jid. What do you see instead? 500 Internal Server Error reply with a traceback: ``` http.server: Traceback[httpserver]: /usr/lib/prosody/core/usermanager.lua:104: attempt to index field 'users' (a nil value) stack traceback: /usr/lib/prosody/core/usermanager.lua:104: in function 'test_password' /usr/lib/prosody/modules/mod_rest/mod_rest.lua:47: in function 'check_credentials' /usr/lib/prosody/modules/mod_rest/mod_rest.lua:288: in function </usr/lib/prosody/modules/mod_rest/mod_rest.lua:277> (...tail calls...) /usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77> (...tail calls...) /usr/lib/prosody/net/http/server.lua:310: in function 'handle_request' /usr/lib/prosody/net/http/server.lua:127: in function 'func' /usr/lib/prosody/util/async.lua:144: in function </usr/lib/prosody/util/async.lua:142> ``` What version of the product are you using? On what operating system? Prosody 0.12 on manjaro linux Please provide any additional information below.

To do: - Clarify that mod_rest as a component will not accept user credentials, but rather works as an external component <https://prosody.im/doc/components#adding_an_external_component> so the expected credentials is `component_secret` - Handle or reject HTTP Basic authentication in Component mode.

• tags Component-Community Status-Accepted