[ejabberd] Alternate authentication for BOSH clients?

Arne Claassen arne at getorganyzd.com
Sat May 30 00:42:56 MSD 2009

I'm sorry if this has been covered before, but i'm looking into  
automatically logging users on our site into the our ejabberd server  
when they visit a page using a bosh client. I have an authenticated  
session in the browser and know their user name and jid, but i don't  
want to have a non-secure web page deliver the password to the bosh  
component for login. I'd prefer to let it either use a one-time key or  
pass on the web session key. But at the same time, users should still  
be able to log in with an Xmpp Client and their user/pass. Is there a  
hook in ejabberd for that can either call a webservice for  
authentication, or do i need a custom module? I figure others using  
ejabberd for presence on their website must have run into this before.  
Any pointers would be appreciated.


More information about the ejabberd mailing list