melaniebalaz
commented
7 years ago I found a solution for this, I will write it here just in any case anyone else stumbles upon the same thing and is genereally clueless like me!
So the reason why get_password was chosen was because the password was already hashed between the client (Adium or Pidgin in my case) and the ejabberd Server, so there was no plaintext password it could send on to the Auth Server. This is why it actually says in the Documentation of the module that Digest MD-5 must be disabled. Because even if you tell your client that plaintext is allowed, it will use the strongest Encryption it is offered by the Server, so if you want to get around to it using Plain and sending a check_password request to your Auth Server, you need to disable the stronger Encryption methods. There is a feature that was implemented in ejabberd at some point which can do exactly this, and I both disabled MD-5 and SCRAM with it and then Plain was used. Probably I will move on to OAuth in the end, but just for playing around this is what I needed.
adiii717
I have gotten the ejabberd_auth_http module up and running and now tried authenticating a user from Adium. Now the requests arrived at my authentication server correctly, however appearantly the get_password method was called for sending out the request because it was contained in the query string I read from my webserver logs:
Instead of the get_password method being called and then having to make the actual comparison of passwords on the XMPP Server, I would like to have the whole authentication process on the authentication server and it just returning true or false, as is the purpose of check_password. How can I tell it to use check_password instead of get_password?