
ejabberd extauth

Marcel Waldvogel edited this page Jan 3, 2018 · 7 revisions

Adding authentication to ejabberd

ejabberd already works, but does not yet know about the Nextcloud users (or any users, for that matter). It is time to change this. If you have two machines, run the commands on the XMPP server.

Create the following file, using the template in /opt/xmpp-cloud-auth/xcauth.conf. Please verify that

  • the url variable has the same value as the "API URL" field in the Nextcloud JSXC admin page you kept open in the previous step
  • the secret variable uses the value from "Secure API token" on the same page

/etc/xcauth.conf

# Example xcauth.py configuration file
#
# Preferably put this in /etc,
# and make it readable only for the user the XMPP server is running under
#
# Config files are only supported if ConfigArgParse python module
# is installed. Install e.g. using "pip install ConfigArgParse".
# If "external_cloud.py -h" shows the "-c" option, it is installed.

# Type: ejabberd or prosody
#
type=ejabberd
#type=prosody

# URL: Where JSXC for Nextcloud (>=3.2.0) can be queried
# Shown in the Nextcloud JSXC administration settings
#
#url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php
url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php

# Secret: API token
# Shown in the Nextcloud JSXC administration settings
# :warning: Should not fall into the wrong hands!
#
#secret=0123456789ABCDEF
secret=CHANGEME

# Log: Log directory
# In this directory, extauth.{log,err} will be created
#
log=/var/log/ejabberd
#log=/var/log/prosody

# Debug: Log more
#
#debug

⚠️ Anyone knowing the API token can authenticate as any user to the XMPP server. So please make sure it does not fall into the wrong hands. This also means that any file with it should be protected from prying eyes:

chown ejabberd:ejabberd /etc/xcauth.conf
chmod 600 /etc/xcauth.conf
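
To confirm that the file ended up as described above, the following check can be run against it. This is an added example, not part of xcauth or of the original page; the function names conf_value and check_xcauth_conf are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit an xcauth.conf before relying on it.
# Usage: check_xcauth_conf FILE [EXPECTED_OWNER]   (owner defaults to ejabberd)
# Prints one line per finding; returns 0 only if nothing was found.

# Print the value of the last active (uncommented) "key=value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

check_xcauth_conf() {
    conf=$1
    owner=${2:-ejabberd}
    problems=0

    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }

    # The token authenticates as any user, so only the server account may read it.
    mode=$(stat -c '%a' "$conf")
    [ "$mode" = 600 ] || { echo "mode is $mode, expected 600"; problems=$((problems + 1)); }
    actual=$(stat -c '%U' "$conf")
    [ "$actual" = "$owner" ] || { echo "owner is $actual, expected $owner"; problems=$((problems + 1)); }

    # Template values must have been replaced with the one from the JSXC admin page.
    secret=$(conf_value secret "$conf")
    case $secret in
        ''|CHANGEME|0123456789ABCDEF)
            echo "secret is unset or still a template value"; problems=$((problems + 1)) ;;
    esac

    # Authentication requests go to this URL; the template uses https, so flag anything else.
    url=$(conf_value url "$conf")
    case $url in
        https://*) ;;
        *) echo "url is not https: ${url:-<unset>}"; problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}
```

Run it as `check_xcauth_conf /etc/xcauth.conf` from a shell that has sourced the function; no output and exit status 0 mean the file matches the settings above.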

Log out and back in

If it works, you can turn on "Activate time-limited tokens" in the Nextcloud JSXC admin page. This will reduce some round-trips and therefore improve the speed. It will also allow automatic reconnection when reopening a browser tab to Nextcloud after all Nextcloud tabs have been closed.

Next: Enjoy your fully JSXC-chat-enabled Nextcloud!
