[ejabberd] Server-side authentication passed to client side

Andy Skelton skeltoac at gmail.com
Mon Jul 27 18:50:58 MSD 2009


I've been doing what Jack said. What he didn't explain was the
out-of-band authentication step. The web server has to talk to the
jabber server somehow. My users' passwords are stored hashed and I
didn't want to do all the BOSH handshaking between servers so I wrote
a web module that takes a single, superuser-authenticated HTTP request
and returns the user's JID, SID, and RID for use in Strophe's attach()
function.

http://github.com/skeltoac/http_prebind

This is a very sloppy hack that works well for me. Feel free to fork it.

Andy

On Sun, Jul 26, 2009 at 5:55 PM, Kevin Mullen<frantic at hotmail.co.uk> wrote:
> Hey guys,
>
> I'm trying to make a web implementation of a jabber client (possibly using
> one of the javascript libraries I have found JsJac maybe, unless anyone can
> suggest a better one).
>
> The thing is I don't want my user to log-in twice, once to my website and
> secondly to jabber via the clientside.  My question is:  Is there a way to
> authenticate with the jabber server on the web server when the user logs in,
> and then pass this 'authentication' by means of a token or something similar
> to the client?  Therefore removing the need for the client application
> running in the user's web browser to authenticate too?
>
> Thanks in advance for any advice on this.
>
> Kevin.
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
>


More information about the ejabberd mailing list