This hook allows you to externally check the provided password, its main use case is to allow to easily support things like password+OTP for protocols without keyboard interactive support such as FTP and WebDAV. You can ask your users to login using a string consisting of a fixed password and a One Time Token, you can verify the token inside the hook and ask to SFTPGo to verify the fixed part.
The same thing can be achieved using [External authentication](./external-auth.md) but using this hook is simpler in some use cases.
The `check password hook` can be defined as the absolute path of your program or an HTTP URL.
The expected response is a JSON serialized struct containing the following keys:
-`status` integer. 0 means KO, 1 means OK, 2 means partial success
-`to_verify` string. For `status` = 2 SFTPGo will check this password against the one stored inside SFTPGo data provider
Global environment variables are cleared, for security reasons, when the script is called. You can set additional environment variables in the "command" configuration section.
If authentication succeeds the HTTP response code must be 200 and the response body must contain the expected JSON serialized response described above.
An example check password program allowing 2FA using password + one time token can be found inside the source tree [checkpwd](../examples/OTP/authy/checkpwd) directory.
