how to authenticate users on ejabberd using an access token

1
votes

I have a running application that has the phone number as identifier and users are granted access token to access other apis if they verify their accounts. I don't have passwords.

to explain it more : the client verifies the phone number throw a code sent to the phone number , if verified then the client is granted an access token that can be used to call other apis of the application

Now Im adding chat feature to the application and I setup an xmpp server (ejabberd) . how can I configure ejabberd to authenticate users through this access token? I have configured ejabberd to work with sql

1
xmppejabberdsmackxmppframeworkejabberd-auth
Do you use Firebase or something like this for phone auth?Rubycon
@rubycon I use phone auth as following : 1- user enters their phone number 2- server sends a verification code to this phone number 3 - user will be required to enter this code and the app will verify this code on server and if correct then servers creates an access token and sends it back to the client 4- client then can use this access token to request other apisTareq Assi
Ok, I have a solution for you, will reply later todayRubycon

1 Answers

0
votes

At Ejabberd side you can enable external auth script

So Ejabberd will receive your token, verifies it (it goes to your Phone Auth service API to just verify it) and then returns true/false if it's valid hence authenticate your user or not

This is a pretty common solution for your issue