[ejabberd] Alternate authentication for BOSH clients?

Carlos Abalde carlos.abalde at gmail.com
Sat May 30 01:20:32 MSD 2009


Why not just having an ad-hoc ejabberd authentication module with two 
modes: classic login/pass when using a xmpp client, and just the web 
session id when using a bosh js client in your site? That web session id 
could be easily checked in you backend against the set ol valid session 
ids.

------- Original message -------
> From: Arne Claassen <arne at getorganyzd.com>
> To: ejabberd at jabber.ru
> Sent: 29.5.'09,  22:42
>
> I'm sorry if this has been covered before, but i'm looking into 
> automatically logging users on our site into the our ejabberd server when 
> they visit a page using a bosh client. I have an authenticated session in 
> the browser and know their user name and jid, but i don't want to have a 
> non-secure web page deliver the password to the bosh component for login. 
> I'd prefer to let it either use a one-time key or pass on the web session 
> key. But at the same time, users should still be able to log in with an 
> Xmpp Client and their user/pass. Is there a hook in ejabberd for that can 
> either call a webservice for authentication, or do i need a custom module? 
> I figure others using ejabberd for presence on their website must have run 
> into this before. Any pointers would be appreciated.
>
> arne
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd



More information about the ejabberd mailing list