yokomizor / ejabberd-auth-jwt
Ejabberd authentication module using JWT tokens
License: Apache License 2.0
I have placed the module in my module path.
ejabberdctl modules_update_specs
ejabberdctl modules_available
ejabberd_auth_jwt Authentication via JWT token
ejabberdctl module_install ejabberd_auth_jwt
[jabber@transdev01 sources]$ ejabberdctl module_install ejabberd_auth_jwt
Error: {429,
With a github error, on "You have triggered an abuse detection mechanism.".
Hi,
I'm trying to incorporate your module into ejabberd. It shows as installed, and the auth_mode is set to jwt. To test the connection, I'm using a simple JWT created on http://jwtbuilder.jamiekurtz.com/. I'm just using the HS256 default secret on that site when generating the JWT.
I am trying to connect using Pidgin. I set the username to match the sub claim, and the password to the token, but when it tries to connect, I get an Invalid username or password message.
15:22:14.378 [info] (tls|<0.734.0>) Failed c2s PLAIN authentication for [email protected] from ...
I can see in the log that the token is getting to the server, but I can't tell if the jwt auth module is being used to authenticate. Is there any guidance you can give if I'm doing something wrong based on the above?
Hi, after installing this module on the ejabberd server,
I start it and see this log, although I added these options in ejabberd.yml:
hosts:
loglevel: 5
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
jwtauth_key: ""
jwtauth_pem_file: ""
jwtauth_user_claim: "sub"
jwtauth_strict_alg: "HS256"
Loading configuration from /Users/lv/ejabberd/etc/ejabberd/ejabberd.yml
18:00:31.419 [error] Unknown option 'jwtauth_key'
18:00:31.419 [error] Failed to load configuration file /Users/lv/ejabberd/etc/ejabberd/ejabberd.yml
18:00:31.419 [critical] Failed to start ejabberd application: unknown_option
It seems that the current version does not check the JWT against the exp, iat and nbf fields.
So currently a given JWT gives infinite access for the user.
It seems important to support these features for security reasons.
In addition, checking against issuer and audience (if found in config) could be nice too.
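The checks asked for in the report above (exp, nbf, iat, plus optional issuer and audience), sketched as an added Python example on an HS256 token; this is not code from ejabberd_auth_jwt. The function names, the 30-second leeway and the choice to reject tokens that carry no exp are assumptions of the example.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build a constructed HS256 token to use as sample input."""
    parts = [b64url_encode(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(sign(signing_input, key))

def validate(token, key, now=None, leeway=30, issuer=None, audience=None):
    """Return (True, claims) or (False, reason). Hypothetical helper, not the module's API."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        sig_raw = b64url_decode(sig)
    except (ValueError, TypeError, AttributeError):
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    if header.get("alg") != "HS256":  # pin the algorithm, as jwtauth_strict_alg intends
        return False, "alg"
    if not hmac.compare_digest(sig_raw, sign(f"{head}.{body}", key)):
        return False, "signature"
    def num(name):  # NumericDate claims must be numbers, not strings or booleans
        v = claims.get(name)
        return v if isinstance(v, (int, float)) and not isinstance(v, bool) else None
    if num("exp") is None:  # assumption: a token without exp never expires, so refuse it
        return False, "exp missing"
    if now >= num("exp") + leeway:
        return False, "expired"
    if "nbf" in claims and (num("nbf") is None or now + leeway < num("nbf")):
        return False, "nbf"
    if "iat" in claims and (num("iat") is None or num("iat") > now + leeway):
        return False, "iat"
    if issuer is not None and claims.get("iss") != issuer:
        return False, "iss"
    if audience is not None:  # aud may be a single string or a list of strings
        aud = claims.get("aud")
        if audience not in (aud if isinstance(aud, list) else [aud]):
            return False, "aud"
    return True, claims
```
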
When I tried logging in to web admin, I got this crash:
exception error: {function_clause,[
{jose_jwk,from_pem_file,[undefined],[{file,"src/jose_jwk.erl"},{line,401}]},
{ejabberd_auth_jwt,get_jwk,2,[{file,"/opt/ejabberd/.ejabberd-modules/sources/ejabberd_auth_jwt/src/ejabberd_auth_jwt.erl"},{line,181}]},
{ejabberd_auth_jwt,check_password_jwt,3,[{file,"/opt/ejabberd/.ejabberd-modules/sources/ejabberd_auth_jwt/src/ejabberd_auth_jwt.erl"},{line,109}]},
{ejabberd_auth,'-check_password_with_authmodule/6-fun-0-',8,[{file,"src/ejabberd_auth.erl"},{line,239}]},
{lists,foldl,3,[{file,"lists.erl"},{line,1263}]},
{ejabberd_auth,check_password,6,[{file,"src/ejabberd_auth.erl"},{line,215}]},
{ejabberd_web_admin,get_auth_account,5,[{file,"src/ejabberd_web_admin.erl"},{line,262}]},
{ejabberd_web_admin,process,2,[{file,"src/ejabberd_web_admin.erl"},{line,216}]}
]}
ejabberd@3e8b12ba522c:~$ ejabberdctl status
The node ejabberd@test_ejabberd_1 is started with status: started
ejabberd 18.09 is running in that node
But when I log in to BOSH, it works fine.
It seems that in this case web_admin stops reading the jwt_auth configs.
At this moment the "sub" should only contain the username (hence without the domain part). This cost me a few hours to debug. Hence add to the documentation:
username should be equal to sub, without the domain.
Greetings, I'm trying to install the module in my local environment following the README instructions, but I'm getting this error:
```
15:35:25.116 [info] Loading configuration from /home/antonio/ejabberd-19.08/conf/ejabberd.yml
15:35:25.249 [critical] Failed to start ejabberd application: Configuration error: duplicated option: modules
```
I'm using the Ejabberd version 19.08 on Linux Mint