Forum: agsXMPP
merc #1
Member since Sep 2011 · 5 posts
Group memberships: Members
Subject: Using talk.google.com without an @gmail.com address
The following article allowed us to at least identify the issue and provide a workaround:

http://www.google.com/support/talk/bin/answer…?answer=14…

Alex, your instructions in many of the other threads work perfectly for @gmail.com accounts. Our situation is that we have many users with Google accounts that do not have an @gmail.com account, and no SRV records pointing to "talk.google.com", but can use other 3rd party IM applications without an issue (Pidgin, Trillian, iChat, etc.). These users utilize the other Google services (YouTube, Picasa, Contacts) with this same account, so adding chat capabilities seemed to be a natural progression for our application.

The error being returned leads you to believe something either isn't configured correctly, or you typed your username/password wrong. Here is a sample of the application debug:

XmppFeed::Connect()
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Connecting
ContactFeed::GetContacts
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Connected
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="gmail.com" id="4550827469E7512E" version="1.0" >
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Securing
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
XmppFeed::HandleXmppClientConnectionOnReadXml:: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
XmppFeed::HandleXmppClientConnectionClientSockeOnValidateCertificate:: Subject: CN=gmail.com, O=Google Inc., L=Mountain View, S=California, C=US
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Authenticating
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="gmail.com" id="8FB8FE69A491C99B" version="1.0" >
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
XmppFeed::HandleXmppClientConnectionOnSaslStart
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">xxxxxxxxxxxxxx_removed_this_xxxxxxxxxxxxxxxxx</auth>
XmppFeed::HandleXmppClientConnectionOnReadXml:: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized /></failure>
XmppFeed::HandleXmppClientConnectionOnAuthError:: <not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
XmppFeed::HandleXmppClientConnectionOnReadXml:: </stream:stream>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Disconnected

You'll note that <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized /></failure> logically makes us think we did something incorrectly on our end.

Any suggestions/insight on making this work without sending everyone off to create an account like the Google link above recommends?
Alex #2
Member since Feb 2003 · 4311 posts · Location: Germany
Group memberships: Administrators, Members
In your log the XMPP domain is gmail.com. When a user has hosted IM at Google, then you must also use his domain for the XMPP domain instead of gmail.com.

Alex
merc #3
Member since Sep 2011 · 5 posts
Group memberships: Members
Understood, but as I said without the SRV record entries this does not work.
Alex #4
Member since Feb 2003 · 4311 posts · Location: Germany
Group memberships: Administrators, Members
The SRV records are responsible for finding the server hosting your XMPP service.
When I have, e.g., the domain example.com at Google Apps for hosting XMPP as well, then my JID is user@example.com. The XMPP domain is example.com. And I must add SRV records to Google's XMPP services according to the XMPP RFCs. When there are no SRV records in place, then no XMPP messenger can find the host talk.google.com automatically without manual configuration. All messengers have manual config dialogs for this. In MatriX and agsXMPP you can set the Hostname (ConnectServer) manually.

Alex
This post was edited on 2011-09-15, 23:39 by Alex.
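The host selection described in the post above, as an added example that is not part of the original thread and not agsXMPP or MatriX code. `choose_endpoint`, its return tuple and the SRV tuples are hypothetical and constructed; 5222 is the standard XMPP client port.

```python
XMPP_CLIENT_PORT = 5222  # standard XMPP client-to-server port

# Constructed sample of what a lookup of _xmpp-client._tcp.example.com could
# return for a domain that has SRV records: (priority, weight, port, target).
SAMPLE_SRV = [
    (20, 0, 5222, "l.talk.google.com."),
    (5, 0, 5222, "talk.google.com."),
]

def choose_endpoint(xmpp_domain, srv_records, connect_server=None):
    """Return (host, port, source) for the TCP connection.

    The XMPP domain (the stream 'to' attribute) stays xmpp_domain in every
    case; only the host that is dialled changes.
    """
    if connect_server:
        # Manual override, the role ConnectServer plays in the thread.
        return (connect_server, XMPP_CLIENT_PORT, "manual")
    usable = [r for r in srv_records if r[3].rstrip(".") != ""]
    if srv_records and not usable:
        # A lone target of "." means the service is explicitly not offered.
        raise LookupError("no XMPP client service for " + xmpp_domain)
    if usable:
        # Simplification: lowest priority wins, then highest weight.
        # RFC 2782 selects randomly by weight within one priority level.
        _, _, port, target = sorted(usable, key=lambda r: (r[0], -r[1]))[0]
        return (target.rstrip("."), port, "srv")
    # No SRV records: fall back to the domain itself, which for a domain not
    # hosted at Google is not a Google Talk server at all.
    return (xmpp_domain, XMPP_CLIENT_PORT, "fallback")

if __name__ == "__main__":
    print(choose_endpoint("example.com", SAMPLE_SRV))
    print(choose_endpoint("example.com", []))
    print(choose_endpoint("example.com", [], connect_server="talk.google.com"))
```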
merc #5
Member since Sep 2011 · 5 posts
Group memberships: Members
Have you registered a google account and accomplished this with something like the MiniClient example? Here's what we have done with the XmppClientConnection (via agsXMPP, paraphrasing for simplicity):
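
// Fragment from inside our feed class; types are from the agsXMPP namespace.
// this.username = "foo@example.com"
Jid jid = new Jid(this.username);
XmppClientConnection xmpp = new XmppClientConnection();
xmpp.Server = "example.com";               // XMPP domain
xmpp.Username = jid.User;                  // local part of the JID only
xmpp.Password = this.password;
xmpp.ConnectServer = "talk.google.com";    // host to connect to
xmpp.AutoResolveConnectServer = false;     // skip the SRV lookup
xmpp.Open();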

Which then produces the following:

XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Connecting
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Connected
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="example.com" id="78CE51EACBE40439" version="1.0" >
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Securing
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
XmppFeed::HandleXmppClientConnectionOnReadXml:: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
XmppFeed::HandleXmppClientConnectionClientSockeOnValidateCertificate:: Subject: CN=talk.google.com, O=Google Inc., L=Mountain View, S=California, C=US
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Authenticating
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="example.com" id="B92671B07B112CA0" version="1.0" >
XmppFeed::HandleXmppClientConnectionOnReadXml:: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
XmppFeed::HandleXmppClientConnectionOnSaslStart
XmppFeed::HandleXmppClientConnectionOnWriteXml:: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">xxxxxxxxxxxxxxxxx_removed_xxxxxxxxxxxxxxxxxx</auth>
XmppFeed::HandleXmppClientConnectionOnReadXml:: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized /></failure>
XmppFeed::HandleXmppClientConnectionOnAuthError:: <not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
XmppFeed::HandleXmppClientConnectionOnReadXml:: </stream:stream>
XmppFeed::HandleXmppClientConnectionOnXmppConnectionStateChanged:: Disconnected

Our goal is to have it work like many of the other existing IM clients out there, which do not require the SRV records for example.com.
Alex #6
Member since Feb 2003 · 4311 posts · Location: Germany
Group memberships: Administrators, Members
Quote by merc:
Have you registered a google account and accomplished this with something like the MiniClient example? Here's what we have done with the XmppClientConnection (via agsXMPP, paraphrasing for simplicity):

Not myself, but many of our customers are using it with Google Apps without any problems.
Have you tried the other hosts like l.talk.google.com?

Quote by merc:
Our goal is to have it work like many of the other existing IM clients out there, which do not require the SRV records for example.com.

As said before, you can set the ConnectServer manually and then you don't need SRV records.

Alex
merc #7
Member since Sep 2011 · 5 posts
Group memberships: Members
Quote by Alex:
Not myself, but many of our customers are using it with Google Apps without any problems.

This seems to be a recurring theme in many of the forum threads. While it is usually solved for people with custom domains by correctly entering SRV records or setting .ConnectServer, this has not been our experience. The only suggestion I have is for you to try it yourself?

Quote by Alex:
Have you tried the other hosts like l.talk.google.com?

We have tried the domains listed in the SRV records instructions here without success.

The way I see it, you have 3 operational scenarios:
1. Users have a @gmail.com account, and everything just works.
2. Users have a domain hosted by Google, have created the SRV records, and everything just works.
3. Users have a foo@example.com email address, do not have a domain hosted by Google, but have created a Google account using foo@example.com. This is the scenario we are running into with some users, and only in this scenario are we encountering the issues described above.
Alex #8
Member since Feb 2003 · 4311 posts · Location: Germany
Group memberships: Administrators, Members
All the magic for authentication in SASL PLAIN is in the auth tag:

<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">xxxxxxxxxxxxxxxxx_removed_xxxxxxxxxxxxxxxxxx</auth>

Can you please compare this tag from a MatriX session which fails, and one from another client which succeeds?

Alex
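One way to do the comparison asked for in the post above, as an added example that is not part of the original thread. The body of a PLAIN `<auth>` tag is only base64 of `authzid NUL authcid NUL passwd` (RFC 4616), which is why it was removed from the logs on this page; the helper names and both sample payloads are constructed and do not show what any client in this thread actually sent.

```python
import base64

def encode_plain(authzid, authcid, passwd):
    """Build the base64 body of <auth mechanism="PLAIN"> (RFC 4616)."""
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64_payload):
    """Split a PLAIN payload into authzid, authcid and passwd."""
    raw = base64.b64decode(b64_payload, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return dict(zip(("authzid", "authcid", "passwd"),
                    (p.decode("utf-8") for p in parts)))

def diff_auth(failing_b64, working_b64):
    """Fields that differ between two payloads; the password is never echoed."""
    a, b = decode_plain(failing_b64), decode_plain(working_b64)
    out = {k: (a[k], b[k]) for k in ("authzid", "authcid") if a[k] != b[k]}
    if a["passwd"] != b["passwd"]:
        out["passwd"] = "<differs, redacted>"
    return out

# Constructed payloads (hypothetical): one client sends only the local part
# as the authentication identity, the other sends the full address.
FAILING = encode_plain("", "foo", "constructed-password")
WORKING = encode_plain("", "foo@example.com", "constructed-password")

if __name__ == "__main__":
    print(diff_auth(FAILING, WORKING))
```

Run it on captures taken from a test account, and share only the output of `diff_auth`, never the raw tag.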
merc #9
Member since Sep 2011 · 5 posts
Group memberships: Members
Quote by Alex:
All the magic for authentication in SASL PLAIN is in the auth tag:

<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">xxxxxxxxxxxxxxxxx_removed_xxxxxxxxxxxxxxxxxx</auth>

Can you please compare this tag from a MatriX session which fails, and one from another client which succeeds?

You gave me an idea after seeing this and your comment in the SaslHandler.cs stating:
// This is the only way to connect to GTalk on a unsecure Socket for now
// Secure authentication is done over https requests to pass the authentication credentials on a secure connection

So we switched the mechanism to MechanismType.X_GOOGLE_TOKEN, which allows us to successfully authenticate the non @gmail.com and non @example.com domain accounts. Another assumption was that .UseSSL defaulted to true instead of false (pretty silly assumption on our part without actually bothering to look).

We're going to move forward with the MechanismType.X_GOOGLE_TOKEN, hopefully this thread will help others avoid the issue too.
Alex #10
Member since Feb 2003 · 4311 posts · Location: Germany
Group memberships: Administrators, Members
Quote by merc on 2011-09-16, 18:00:
We're going to move forward with the MechanismType.X_GOOGLE_TOKEN, hopefully this thread will help others avoid the issue too.

Why are you not just using TLS? When possible, you should always use TLS.

Alex