[ejabberd] Alternate authentication for BOSH clients?
pablo.platt at yahoo.com
Sat May 30 01:27:10 MSD 2009
is it possible to create the session for the client IP using an ejabberd module and send back the Sid and Rid?
From: Carlos Abalde <carlos.abalde at gmail.com>
To: ejabberd at jabber.ru
Sent: Saturday, May 30, 2009 12:20:32 AM
Subject: Re: [ejabberd] Alternate authentication for BOSH clients?
Why not just having an ad-hoc ejabberd authentication module with two modes: classic login/pass when using a xmpp client, and just the web session id when using a bosh js client in your site? That web session id could be easily checked in you backend against the set ol valid session ids.
------- Original message -------
> From: Arne Claassen <arne at getorganyzd.com>
> To: ejabberd at jabber.ru
> Sent: 29.5.'09, 22:42
> I'm sorry if this has been covered before, but i'm looking into automatically logging users on our site into the our ejabberd server when they visit a page using a bosh client. I have an authenticated session in the browser and know their user name and jid, but i don't want to have a non-secure web page deliver the password to the bosh component for login. I'd prefer to let it either use a one-time key or pass on the web session key. But at the same time, users should still be able to log in with an Xmpp Client and their user/pass. Is there a hook in ejabberd for that can either call a webservice for authentication, or do i need a custom module? I figure others using ejabberd for presence on their website must have run into this before. Any pointers would be appreciated.
> ejabberd mailing list
> ejabberd at jabber.ru
ejabberd mailing list
ejabberd at jabber.ru
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ejabberd