oauth2 authentication support in ejabberd
Asked Answered
P

2

6

I'm currently looking how I could use my oauth2 token from our own application to authenticate against ejabberd.

Is there any solution available which enables me to authenticate in our own product, then use that oauth2 JWT token to authenticate against ejabberd.

Or maybe a different question, how can I synchronize ejabberd users with my own applications users.

I'm looking for a Single Sign on way of working for our users.

I have seen suggestions to update the ejabberd users password with the token generated on each login. and then just login to ejabberd using the username and token. This however sounds more than a hack then a real solution.

Does anyone have experience with this? I don't have any experience with Erlang. Would be great if someone can point me in the right direction.

Puffball answered 15/6, 2015 at 14:11 Comment(0)
G
5

I see two main correct ways to implement token-based authentication for ejabberd:

  • ejabberd custom authentication module: You can write a custom authentication module for ejabberd, using ejabberd hook API. You can use one of the existing Erlang ejabberd_auth*.erl as an example.

  • Use a contribution that allows to authenticate against an HTTP backend and perform the token check in that backend. That would remove the need to write Erlang code. Such module is available on ProcessOne Github: ejabberd_auth_http.

Goldner answered 30/7, 2015 at 11:23 Comment(2)
@marco-franssen, were you able to get it working either way? I am also looking for solution of similar problemPalladian
We did not yet invest the time to do so. A custom module seems to be the best option. Probably we will be using the ejabberd_auth_http module to base the Oauth2 one on this module. OAuth 2 is ofcourse build on top of the HTTP protocol.Puffball
T
4

Recently I faced the same problem and decided to write a simple ejabberd module:

https://github.com/yokomizor/ejabberd-auth-jwt

Works fine with ejabberd 18, and supports HMAC and RSA. I am using it in a small host, but looks stable so far.

I also found another module doing the same thing but a bit out dated: https://github.com/ParamountVentures/ejabberd-auth-jwt

Towering answered 10/5, 2018 at 23:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.