0

I'm trying to authenticate against a Tigase XMPP server with a simple client I wrote in Ruby using XMPP4R. I'm using PLAIN authentication to connect in the simplest way. Using an off-the-shelf client like Psi I can connect just fine, but the XMPP4R library keeps sending the wrong stream. According to this link a Base64 encoded string should be comprised of \00<username>\00<password>, for instance \00hank\00Secr3tP4ssw-rd (this is what Psi does as well). However, the xmpp4r library does something like \00hank@hanks-server.xx\00hank\00Secr3tP4ssw-rd, which Tigase doesn't really like. Why is this third/first parameter present? How can I circumvent sending the full domain with the PLAIN authentication?

HTBR

1 Answer

2

Looking at the code, apparently there is no way to circumvent this.

The first parameter is an "authorization identity", as opposed to the "authentication identity" given as the second parameter. The "authentication identity" is the user that you want to authenticate as (i.e. the user whose password you're sending), while the "authorization identity" is the user you want to act as, e.g. if an administrator needs to access a user's account. This is rarely used, and thus the "authorization identity" is usually left empty.

RFC 6120 specifies that:

If the initiating entity does not wish to act on behalf of another entity, it MUST NOT provide an authorization identity.

So this should be considered a bug in XMPP4R.

legoscia
  • 1
    Right, that is a bug in xmpp4r. I've created an issue for it: https://github.com/xmpp4r/xmpp4r/issues/33 – Flow Sep 01 '14 at 15:09
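
The three-field layout described in the answer, as an added Ruby example (not XMPP4R's code and not part of the original posts): it builds the SASL PLAIN response in the RFC 4616 form `[authzid] NUL authcid NUL passwd` and decodes a response to show whether an authorization identity was sent. The function names are hypothetical, and the credentials are the sample values from the question.

```ruby
require 'base64'

# Build the Base64 PLAIN response: [authzid] NUL authcid NUL passwd.
# authzid defaults to empty, which is what RFC 6120 requires when the
# client is not acting on behalf of another entity.
def plain_message(authcid, passwd, authzid = nil)
  fields = [authzid.to_s, authcid, passwd]
  fields.each do |f|
    raise ArgumentError, 'NUL not allowed inside a field' if f.include?("\0")
  end
  Base64.strict_encode64(fields.join("\0"))
end

# Decode a Base64 PLAIN response back into its three fields.
def parse_plain(b64)
  raw = Base64.strict_decode64(b64).force_encoding(Encoding::UTF_8)
  fields = raw.split("\0", -1) # -1 keeps empty leading/trailing fields
  raise ArgumentError, "expected 3 fields, got #{fields.size}" unless fields.size == 3
  authzid, authcid, passwd = fields
  raise ArgumentError, 'authentication identity is empty' if authcid.empty?
  { authzid: authzid, authcid: authcid, passwd: passwd }
end

# True when the response carries an authorization identity, which is the
# behaviour the question reports from XMPP4R.
def sends_authzid?(b64)
  !parse_plain(b64)[:authzid].empty?
end

# Sample values from the question.
expected = plain_message('hank', 'Secr3tP4ssw-rd')
reported = plain_message('hank', 'Secr3tP4ssw-rd', 'hank@hanks-server.xx')

{ 'empty authzid' => expected, 'authzid set' => reported }.each do |label, msg|
  puts "#{label}: #{msg} -> authzid present? #{sends_authzid?(msg)}"
end
```
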