-
|
I installed the latest version of ejabberd and configured bosh and jwt authentication to it. However, when I try to log in from web client, on bosh, I always get the following as a reply: https://pastebin.com/BynRAMjA <body
rid: '5738344199'
xmlns='http://jabber.org/protocol/httpbind'
sid='460db7fcee7b4e81c79d5003286ca0a753a0a686'>
<auth
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
mechanism='PLAIN'>dGVzdEBzc2wtd2ViL......
</auth>
</body>Seeking support from the community. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
I can use BOSH connection and JWT auth method, using ejabberd 22.05 and tkabber client. Following exactly the explanations in https://www.process-one.net/blog/ejabberd-19-08/ I use the default configuration, with just those changes: diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index 8eb038dd0..8abb510f5 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -16,6 +16,10 @@
hosts:
- localhost
+ - example.org
+
+auth_method: jwt
+jwt_key: /ejabberd/secret.jwk
loglevel: info
@@ -65,6 +69,7 @@ listen:
module: ejabberd_http
request_handlers:
/admin: ejabberd_web_admin
+ /bosh: mod_bosh
/.well-known/acme-challenge: ejabberd_acme
-
port: 3478
diff --git a/secret.jwk b/secret.jwk
new file mode 100644
index 000000000..2488d872b
--- /dev/null
+++ b/secret.jwk
@@ -0,0 +1,6 @@
+{
+ "kty": "oct",
+ "use": "sig",
+ "k": "cjjkgwWy64_olK22FaABFblB2d-L4kXC2TsTZ4ixxoyMh1wMNhwc3WbWfJsZV6OvVNesd2Xx4PQoOa_YX-g1EyHbNWPzDA8ptAXaBxBUjqtQHN9pEAly4HC9I3h1iQv8yKjj9h-dqCk10Z6aOZ0jxseBR0X-yPqsrzMKAw6_IFTeoEe-hiQwhpPR5XKitN3bJTCo5oZ_EKqRwWQ5pQ0He-Z4Iis2C1j2QlRf_0vWpbw5MsnUW3kEoLvPj2exFLuKKbsImzMeayIfuduQ4WJcgadYWvFlX3SU9mDmXLUWmHBYdTo5ip76uLHB3F3XAHAqeta5oeLqw7vopDPUyZMGMw",
+ "alg": "HS256"
+}I configure Tkabber client like this:
I had to add to This is what the Tkabber XML Raw console shows (IN means an incoming stanza from the server, OUT is a stanza that tkabber sends) <!-- 00:42:05.760 IN (::xmpp::1, test@example.org/tka1) -->
<stream:stream from='example.org' version='1.0' id='10495285647708590646'>
<!-- 00:42:05.761 IN (::xmpp::1, test@example.org/tka1) -->
<stream:features>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>PLAIN</mechanism>
<mechanism>X-OAUTH2</mechanism>
</mechanisms>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
<!-- 00:42:05.763 OUT (::xmpp::1, test@example.org/tka1) -->
<auth mechanism='PLAIN'
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>AHRlc3QAZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnFhV1FpT2lKMFpYTjBRR1Y0WVcxd2JHVXViM0puSWl3aVpYaHdJam94TnpjME5UUTJOVEV3ZlEuTzZtcmljQVJ4ZWNwS09tdGUwdURqRXBjRnd3SHd3ZHpZRjdUTTBLaWpKNA==</auth>
<!-- 00:42:05.773 IN (::xmpp::1, test@example.org/tka1) -->
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
<!-- 00:42:05.786 IN (::xmpp::1, test@example.org/tka1) -->
<stream:stream from='example.org' version='1.0' id='11729943912815066231'>
<!-- 00:42:05.787 IN (::xmpp::1, test@example.org/tka1) -->
<stream:features>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/>
<session xmlns='urn:ietf:params:xml:ns:xmpp-session'>
<optional/>
</session>
<c ver='uvhBXuDBgZPDOe20gTGIQZtUcz4='
node='http://www.process-one.net/en/ejabberd/'
hash='sha-1'
xmlns='http://jabber.org/protocol/caps'/>
<sm xmlns='urn:xmpp:sm:2'/>
<sm xmlns='urn:xmpp:sm:3'/>
<ver xmlns='urn:xmpp:features:rosterver'/>
<csi xmlns='urn:xmpp:csi:0'/>
</stream:features>
<!-- 00:42:05.792 OUT (::xmpp::1, test@example.org/tka1) -->
<iq id='84:318441'
xml:lang='es'
type='set'>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<resource>tka1</resource>
</bind>
</iq>
<!-- 00:42:05.849 IN (::xmpp::1, test@example.org/tka1) -->
<iq xml:lang='es'
type='result'
id='84:318441'>
<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
<jid>test@example.org/tka1</jid>
</bind>
</iq> |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. You are right. I followed the instructions and it works perfectly. I have one more question, is it possible to make offline messages work when authentication is jwt in this version? |
Beta Was this translation helpful? Give feedback.
-
Not possible when using the JWT auth module. Other modules that check external auth information (like extauth) support account caching, which allows ejabberd to remember what accounts have already logged in (and support offline messages, etc). But the JWT auth module does not support auth caching. So, an alternative solution would be you write an extauth script that internally uses JWT, and instead of configuring ejabberd to use jwt auth, configure ejabberd to use extauth and enable auth caching... |
Beta Was this translation helpful? Give feedback.
I can use BOSH connection and JWT auth method, using ejabberd 22.05 and tkabber client.
Following exactly the explanations in https://www.process-one.net/blog/ejabberd-19-08/
I use the default configuration, with just those changes: