[ejabberd] oauth

jabber xmpp jabbers.xmpp at gmail.com
Sat May 26 09:05:22 MSK 2018


Hi, I want to use OAuth for user authentication. I use ejabberd 18.01, and my
ejabberd config is:
===========
  -
    port: 5280
#    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
       # OAuth Support
      "/oauth": ejabberd_oauth
#      "/bosh": mod_bosh
      "/api": mod_http_api
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    register: true
    captcha: true
  ##
========================

commands_admin_access: configure
commands:
  - add_commands:
    - user
oauth_expire: 31536000
oauth_access: all
oauth_use_cache: false
#oauth_cache_misse: false
api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      - admin
      - oauth:
       - scope: "ejabberd:admin"
        - admin
    what:
      - "*"
      - "!stop"
      - "!start"
================================
I generate a token from this URL,
http://127.0.0.1:5280/oauth/authorization_token. For example, I generate a token
for user1@n, and ejabberd.log is:
=================================
2018-05-26 10:02:19.844 [debug] <0.574.0>@ejabberd_http:process_header:277 (#Port<0.21554>) http query: 'POST' <<"/oauth/authorization_token">>
2018-05-26 10:02:19.844 [debug] <0.574.0>@ejabberd_http:extract_path_query:408 client data: <<"username=user1%40n&password=user1&response_type=&client_id=&redirect_uri=&scope=&state=&ttl=31536000">>
2018-05-26 10:02:19.844 [debug] <0.574.0>@ejabberd_http:process:364 [<<"oauth">>,<<"authorization_token">>] matches [<<"oauth">>]
2018-05-26 10:02:19.857 [debug] <0.336.0>@ejabberd_sql:sql_query_internal:593 SQL: "select password, serverkey, salt, iterationcount from users where username='user1' and 0=0"
2018-05-26 10:02:19.870 [debug] <0.337.0>@ejabberd_sql:sql_query_internal:593 SQL: "UPDATE oauth_token SET jid='user1@n', scope='', expire=1558848739 WHERE token='DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp'"
2018-05-26 10:02:19.871 [debug] <0.337.0>@ejabberd_sql:sql_query_internal:593 SQL: "INSERT INTO oauth_token(token, jid, scope, expire) VALUES ('DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp', 'user1@n', '', 1558848739);"
2018-05-26 10:02:19.979 [debug] <0.574.0>@ejabberd_http:process_header:277 (#Port<0.21554>) http query: 'GET' <<"/oauth/authorization_token?access_token=DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp&token_type=bearer&expires_in=31536000&scope=&state=">>
============================================================
So the token for user1@n is DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp, and I encode
base64("\0" + "user1" + "\0" + "DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp").
Authentication is done by:
1)<stream:stream xmlns="jabber:client" to="n" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="en" >
result:
=====================
<?xml version='1.0'?><stream:stream id='18378641739984483383' version='1.0'
xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='n'
xmlns='jabber:client'><stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>X-OAUTH2</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms><register
xmlns='http://jabber.org/features/iq-register'/></stream:features>
===================================
2)<auth mechanism='X-OAUTH2' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>AHVzZXIxQG4ARG9vT244WjV3R3o2VDRsQXdWSTZIT0dRR1N1b3cxcHA=</auth>
result:
===================================
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text
xml:lang='en'>Invalid token</text></failure>
===========================


ejabberd log is:
===============================
2018-05-26 10:24:13.487 [debug] <0.337.0>@ejabberd_sql:sql_query_internal:593 SQL: "select jid, scope, expire from oauth_token where token='DooOn8Z5wGz6T4lAwVI6HOGQGSuow1pp'"
2018-05-26 10:24:13.488 [debug] <0.576.0>@xmpp_socket:send:218 (tcp|<0.576.0>) Send XML on stream = <<"<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>Invalid token</text></failure>">>
2018-05-26 10:24:13.488 [info] <0.576.0>@ejabberd_c2s:handle_auth_failure:442 (tcp|<0.576.0>) Failed c2s X-OAUTH2 authentication for user1@n from ::ffff:192.168.90.26: Invalid token
2018-05-26 10:24:34.332 [debug] <0.576.0>@xmpp_socket:send:218 (tcp|<0.576.0>) Send XML on stream = <<"<stream:error><connection-timeout xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error>">>
2018-05-26 10:24:34.332 [debug] <0.576.0>@xmpp_socket:send:218 (tcp|<0.576.0>) Send XML on stream = <<"</stream:stream>">>
===================================
What's wrong? Is my ejabberd config wrong?

Thanks a lot.
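
An added example, not part of the original post: it decodes the X-OAUTH2 payload and the token-request body quoted in the message, so the identity and scope on each side of the exchange can be compared. It assumes the payload layout the post describes (authzid, NUL, authcid, NUL, token); the function names are illustrative.

```python
import base64
from urllib.parse import parse_qs

# Both values are copied from the message above.
TOKEN_REQUEST_BODY = (
    "username=user1%40n&password=user1&response_type=&client_id="
    "&redirect_uri=&scope=&state=&ttl=31536000"
)
AUTH_PAYLOAD = "AHVzZXIxQG4ARG9vT244WjV3R3o2VDRsQXdWSTZIT0dRR1N1b3cxcHA="


def parse_token_request(body):
    """Parse the form body of the token request, keeping empty fields."""
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    fields.pop("password", None)  # never carry the credential into a report
    return fields


def decode_sasl_payload(b64):
    """Split a base64 SASL initial response into its three NUL-separated parts."""
    raw = base64.b64decode(b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL token")
    authzid, authcid, token = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "token": token}


def encode_sasl_payload(authcid, token, authzid=""):
    """Build the payload from its parts (inverse of decode_sasl_payload)."""
    raw = "\0".join([authzid, authcid, token]).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def summarize(body, b64):
    """Put the fields of the token request and the auth attempt side by side."""
    req = parse_token_request(body)
    sent = decode_sasl_payload(b64)
    return {
        "token_requested_for": req["username"],
        "scope_requested": req["scope"],
        "authcid_sent": sent["authcid"],
        "authcid_is_full_jid": "@" in sent["authcid"],
        "token_sent": sent["token"],
    }


if __name__ == "__main__":
    for key, value in summarize(TOKEN_REQUEST_BODY, AUTH_PAYLOAD).items():
        print(f"{key}: {value!r}")
```
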