Not logged in. · Lost password · Register
Forum: agsXMPP RSS
Avatar
Vincent #1
Member since Sep 2010 · 15 posts
Group memberships: Members
Show profile · Link to this post
Subject: jabber:iq:auth
Hello,

I'm trying to authenticate sending a username and password to a server. The password is actually a BASE64 token which I receive from the socialnetworking site API. Upon sending this I'm receiving a not-authenticated message because my token is encoded again by agsXMPP. How do I stop this behaviour?

To clarify;

I'm receiving:
  1. <iq xmlns="jabber:client" type="result" id="agsXMPP_1">
  2.           <query xmlns="jabber:iq:auth">
  3.             <username />
  4.             <digest />
  5.             <resource />
  6.           </query>
  7.         </iq>

The password field is filled with this token: "dmluY2U4M18xMjg3NDA0OTY1XzHg9Ng4fz7JwxiCVdgdUX4=" However it is encoded and sent as follows;

  1. <iq id="agsXMPP_2" type="set">
  2.           <query xmlns="jabber:iq:auth">
  3.             <username>myUser</username>
  4.             <digest>57db2ff15b53f39f36bc59528f6d745e2c85f8f1</digest>
  5.             <resource>VincentTestApp</resource>
  6.           </query>
  7.         </iq>

I have tried to change the digest element in an iq handler to sent the correct value. This works but after submitting the iq query it also sends the original query (seen above).

  1. <iq id="agsXMPP_2" type="set">
  2.           <query xmlns="jabber:iq:auth">
  3.             <username>myUser</username>
  4.             <digest>dmluY2U4M18xMjg3NDA0OTY1XzHg9Ng4fz7JwxiCVdgdUX4=</digest>
  5.             <resource>VincentTestApp</resource>
  6.           </query>
  7.         </iq>

How do I make sure the digest stays as I set it or how do I stop the first original iq:query from sending after changing it in my iqhandler?


Hope this makes sense. Thank you in advance!
This post was edited on 2010-10-11, 14:53 by Vincent.
Avatar
Alex #2
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Quote by Vincent:
Hope this makes sense. Thank you in advance!

no this makes no sense. XEP-0078 describes the non SASL auth and this is what agsXMPP does. The digest is no token, its a password hash.

Alex
Avatar
Vincent #3
Member since Sep 2010 · 15 posts
Group memberships: Members
Show profile · Link to this post
Ai, it even describes the method as being obsolete... I will contact the chatserver admins to ask if there's no other way to authenticate.

As for the iq:auth message. There's no way to cancel the faulty response in favor to my iq:auth with the correct digest?
Avatar
Alex #4
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
use DIGEST-MD5 as advertised by the server an you are fine. This is also what MatriX and agsXMPP will use by default.

Alex
Avatar
Vincent #5
Member since Sep 2010 · 15 posts
Group memberships: Members
Show profile · Link to this post
Unfortunately I can't use MD5. I checked with the Hyves developers and they mailed me;

DIGEST_MD5 authentication requires user password (NOT token).
JABBER authentication requires digest (as provided by getLoginToken).

Using digest-md5 with the token provided by getLoginToken will not work.

I'm using the oAuth (token) method and the password method is not an option. Thus I'm stuck using the JABBER auth.
Avatar
Alex #6
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
DIGEST_MD5 authentication requires user password (NOT token).
thats correct

JABBER authentication requires digest (as provided by getLoginToken).

Using digest-md5 with the token provided by getLoginToken will not work.
thats wrong. Non Sasl old style Jabbber out requires a Digest build from the password and the sid sent by the server.
SHA1(concat(sid, password)).

I'm using the oAuth (token) method and the password method is not an option. Thus I'm stuck using the JABBER auth.
if they expect a OAuth token in jabber:iq:auth the totally got the xmpp and old jabber protocol wrong.

This will not work without modifications to the library. Because this authentication is not standards conform I can only create such modifications based on my professional services.

Alex
Avatar
Vincent #7
Member since Sep 2010 · 15 posts
Group memberships: Members
Show profile · Link to this post
Your professional services would mean purchasing a developer license for Matrix?

If possible, I need this to work with Matrix rather then agsXMPP.
Avatar
Alex #8
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
no, I thought you were already using MatriX because you use Facebook auth which is only available in MatriX. MatriX is commercial only and you can't use it in production without a license.

I meant that I can modify the sources for you and make it work with the Hyves server. Because they use an obsolete protocol and this even wrong it will never work with MatriX out of the box.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Forum: agsXMPP RSS