
yokomizor / ejabberd-auth-jwt


Ejabberd authentication module using JWT tokens

License: Apache License 2.0

Ruby 1.43% Erlang 95.41% Shell 3.16%
jwt ejabberd ejabberd-authentication

ejabberd-auth-jwt's People

Contributors

skinkie, yokomizor

Forkers

skinkie rogervaas

ejabberd-auth-jwt's Issues

Installation issue

I have placed the module in my module path.

ejabberdctl modules_update_specs
ejabberdctl modules_available
ejabberd_auth_jwt Authentication via JWT token
ejabberdctl module_install ejabberd_auth_jwt
[jabber@transdev01 sources]$ ejabberdctl module_install ejabberd_auth_jwt
Error: {429,
With a github error, on "You have triggered an abuse detection mechanism.".

Unable to connect to server, receiving Invalid username or password response

Hi,

I'm trying to incorporate your module into ejabberd. It shows as installed, and the auth_mode is set to jwt. To test the connection, I'm using a simple JWT created on http://jwtbuilder.jamiekurtz.com/. I'm just using the HS256 default secret on that site when generating the JWT.

I am trying to connect using Pidgin. I set the username to match the sub claim, and the password to the token, but when it tries to connect, I get an Invalid username or password message.

15:22:14.378 [info] (tls|<0.734.0>) Failed c2s PLAIN authentication for [email protected] from ...

I can see in the log that the token is getting to the server, but I can't tell if the jwt auth module is being used to authenticate. Is there any guidance you can give if I'm doing something wrong based on the above?

Unknown option 'jwtauth_key'

Hi, after installing this module on the ejabberd server,
I start it and see this log, although I added this option in ejabberd.yml:

hosts:
  - "meepo.vn"

loglevel: 5
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

jwtauth_key: ""
jwtauth_pem_file: ""
jwtauth_user_claim: "sub"
jwtauth_strict_alg: "HS256"

Loading configuration from /Users/lv/ejabberd/etc/ejabberd/ejabberd.yml
18:00:31.419 [error] Unknown option 'jwtauth_key'
18:00:31.419 [error] Failed to load configuration file /Users/lv/ejabberd/etc/ejabberd/ejabberd.yml
18:00:31.419 [critical] Failed to start ejabberd application: unknown_option

Check JWT Date fields and issuer and audience field

It seems that the current version does not check the JWT against the exp, iat and nbf fields.
So currently a given JWT does give infinite access for the user.
It seems important to support these features for security reasons.

In addition, checking against issuer and audience (if found in config) could be nice too.
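
One way to perform the claim checks this issue asks for, as an added example that is not code from ejabberd_auth_jwt. The module name, the option keys (leeway, issuer, audience) and the error atoms are hypothetical, the claims map is assumed to come from a token whose signature has already been verified, and rejecting tokens that lack exp is a policy assumption.

```erlang
-module(jwt_claims_check).          % hypothetical module name
-export([validate/3, demo/0]).

%% Claims: map (binary keys) from a token whose signature is already verified.
%% Now: Unix time in seconds. Opts (all optional): leeway, issuer, audience.
validate(Claims, Now, Opts) ->
    Leeway = maps:get(leeway, Opts, 0),
    Checks = [{expired, fun() -> check_exp(Claims, Now - Leeway) end},
              {not_yet_valid, fun() -> not_after(<<"nbf">>, Claims, Now + Leeway) end},
              {issued_in_future, fun() -> not_after(<<"iat">>, Claims, Now + Leeway) end},
              {bad_issuer, fun() -> expected(issuer, <<"iss">>, Claims, Opts) end},
              {bad_audience, fun() -> expected(audience, <<"aud">>, Claims, Opts) end}],
    case [Reason || {Reason, Check} <- Checks, not Check()] of
        [] -> ok;
        [First | _] -> {error, First}
    end.

%% Policy assumption: a token without a numeric exp is rejected outright.
check_exp(Claims, T) ->
    case maps:find(<<"exp">>, Claims) of
        {ok, Exp} when is_number(Exp) -> T < Exp;
        _ -> false
    end.

%% nbf and iat are optional; when present they must be numeric and not in the future.
not_after(Key, Claims, T) ->
    case maps:find(Key, Claims) of
        error -> true;
        {ok, V} -> is_number(V) andalso V =< T
    end.

%% iss/aud are compared only when configured; only aud may be an array (RFC 7519).
expected(OptKey, ClaimKey, Claims, Opts) ->
    case {maps:find(OptKey, Opts), maps:find(ClaimKey, Claims)} of
        {error, _} -> true;
        {{ok, Want}, {ok, Want}} -> true;
        {{ok, Want}, {ok, L}} when is_list(L), ClaimKey =:= <<"aud">> -> lists:member(Want, L);
        _ -> false
    end.

demo() ->                           % constructed claims and clock value
    Now = 1700000000,
    Opts = #{leeway => 30, audience => <<"xmpp">>},
    Good = #{<<"sub">> => <<"alice">>, <<"aud">> => [<<"xmpp">>], <<"exp">> => Now + 300},
    ok = validate(Good, Now, Opts),
    {error, expired} = validate(Good#{<<"exp">> := Now - 31}, Now, Opts),
    {error, expired} = validate(maps:remove(<<"exp">>, Good), Now, Opts),
    {error, bad_audience} = validate(Good#{<<"aud">> := <<"other">>}, Now, Opts),
    ok.
```

Compile with erlc and call jwt_claims_check:demo() from an Erlang shell; it returns ok when every constructed case behaves as matched.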

web_admin authentication crashed

When I tried logging in to web admin, I got this crash:

exception error: {function_clause,[
    {jose_jwk,from_pem_file,[undefined],[{file,"src/jose_jwk.erl"},{line,401}]},
    {ejabberd_auth_jwt,get_jwk,2,[{file,"/opt/ejabberd/.ejabberd-modules/sources/ejabberd_auth_jwt/src/ejabberd_auth_jwt.erl"},{line,181}]},
    {ejabberd_auth_jwt,check_password_jwt,3,[{file,"/opt/ejabberd/.ejabberd-modules/sources/ejabberd_auth_jwt/src/ejabberd_auth_jwt.erl"},{line,109}]},
    {ejabberd_auth,'-check_password_with_authmodule/6-fun-0-',8,[{file,"src/ejabberd_auth.erl"},{line,239}]},
    {lists,foldl,3,[{file,"lists.erl"},{line,1263}]},
    {ejabberd_auth,check_password,6,[{file,"src/ejabberd_auth.erl"},{line,215}]},
    {ejabberd_web_admin,get_auth_account,5,[{file,"src/ejabberd_web_admin.erl"},{line,262}]},
    {ejabberd_web_admin,process,2,[{file,"src/ejabberd_web_admin.erl"},{line,216}]}
]}
ejabberd@3e8b12ba522c:~$ ejabberdctl status
The node ejabberd@test_ejabberd_1 is started with status: started
ejabberd 18.09 is running in that node

But when I log in to BOSH, it works fine.
It seems that in this case web_admin stops reading jwt_auth configs.

Documentation regarding to sub

At this moment the "sub" should only contain the username (hence without the domain part). This cost me a few hours to debug. Hence add to the documentation:

username should be equal to sub, without the domain.

duplicated option: modules

Greetings, I'm trying to install the module in my local environment following the README instructions, but I'm getting this error:
`
15:35:25.116 [info] Loading configuration from /home/antonio/ejabberd-19.08/conf/ejabberd.yml

15:35:25.249 [critical] Failed to start ejabberd application: Configuration error: duplicated option: modules
`
I'm using the Ejabberd version 19.08 on Linux Mint
