I'm currently looking at how I could use my OAuth2 token from our own application to authenticate against ejabberd.
Is there any solution available which enables me to authenticate in our own product, then use that OAuth2 JWT token to authenticate against ejabberd?
Or maybe a different question: how can I synchronize ejabberd users with my own application's users?
I'm looking for a single sign-on way of working for our users.
I have seen suggestions to update the ejabberd user's password with the token generated on each login, and then just log in to ejabberd using the username and token. This, however, sounds more like a hack than a real solution.
Does anyone have experience with this? I don't have any experience with Erlang. Would be great if someone can point me in the right direction.
I see two main correct ways to implement token-based authentication for ejabberd:
1. ejabberd custom authentication module: You can write a custom authentication module for ejabberd, using the ejabberd hook API. You can use one of the existing Erlang ejabberd_auth*.erl modules as an example.
2. Use a contribution that allows you to authenticate against an HTTP backend and perform the token check in that backend. That would remove the need to write Erlang code. Such a module is available on ProcessOne's GitHub: ejabberd_auth_http.
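
The token check that such an HTTP backend would perform, as an added example that is not part of the original answer or of ejabberd_auth_http. It assumes an HS256-signed JWT whose sub claim carries the XMPP username and whose aud claim carries the XMPP domain; the secret, the claim mapping and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: HS256 key shared between the application's token issuer and this backend.
SECRET = b"constructed-demo-secret"

def _b64url_decode(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token (stands in for the application's issuer)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def token_is_valid_for(user, server, token, now=None):
    """True only if token is a correctly signed, unexpired JWT issued for user@server."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm on the server side; the header must not choose it.
        if header.get("alg") != "HS256":
            return False
        signed = f"{header_b64}.{body_b64}".encode()
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        # Constant-time comparison of the raw signature bytes.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return False
        claims = json.loads(_b64url_decode(body_b64))
        if float(claims["exp"]) <= (time.time() if now is None else now):
            return False
        # Bind the token to the account logging in, not just "any valid token".
        return claims["sub"] == user and claims["aud"] == server
    except (ValueError, KeyError, TypeError, AttributeError):
        # Malformed, truncated or claim-less tokens are rejected, never raised.
        return False
```

The backend would call this with the username, domain and password field that ejabberd forwards, with the XMPP client sending the token in place of a password.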