Closed MarcelWaldvogel closed 7 years ago
It looks like the issue I was having is that logins via nextcloud are not causing it to launch the auth script, but using an XMPP client does. I must have the NC app mis-configured.
However, when I use my XMPP client (pidgin), I get this error about the token length. What token is it referring to? The api secret? That is 23 chars.
2017-06-09 20:46:37,305 DEBUG: "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 500 None 2017-06-09 20:46:37,309 INFO: FAILURE: Neither token nor cloud approves user user@example.com 2017-06-09 20:55:21,525 INFO: Start external auth script 0.2.1+ for prosody with endpoint: https://example.com/apps/ojsxc/ajax/externalApi.php 2017-06-09 20:55:21,525 DEBUG: Log level: DEBUG 2017-06-09 20:55:21,526 DEBUG: from_prosody got auth:user:example.com:**** 2017-06-09 20:55:21,526 DEBUG: Receive operation auth 2017-06-09 20:55:21,526 DEBUG: Token is too short: 11 != 23 (maybe not a token?) 2017-06-09 20:55:21,537 INFO: Starting new HTTPS connection (1): example.com 2017-06-09 20:55:22,024 DEBUG: "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 None 2017-06-09 20:55:22,028 INFO: FAILURE: Neither token nor cloud approves user user@example.com
Thanks!
Does JSXC work against an internal Prosody user? If not, then the BoSH proxy/CORS configuration is probably broken.
The token DEBUG statements are related to the "time-limited token" support.
There are two ways of authentication:
Unless you have activated the "time-limited token" option in the NC/JSXC admin panel, these warnings are always there, because the XMPP clients will submit a password, not a token.
Sorry for the long delay, debugging Prosody external authentication is challenging.
Can you try d452aa8? It seems that mod_auth_external.lua
sends \r\n, even though its own examples only expect \n.
@rev138 Can you also have a look at the new installation instructions?
In 0ca3a47b1dd2db2a8c7e368f7da2d32194b37213, there is experimental support talking to external_cloud.py
over a socket instead of over the presumably unreliable lpty
interface from Prosody mod_auth_external.lua
.
Preliminary documentation is in the main README
and the one in systemd/
. Feel free to ask if the documentation is not sufficient yet. (It assumes a basic setup as described in the wiki.)
Please let me know how it works.
Closing due to inactivity; please reopen if the problem persists
@rev138 commented in #13:
It seems auth script is not starting. Testing with
-A
works.