Can someone help me with setting up oauth?
I have set up this in ejabberd.yml
-
# Using a separate port for oauth and API to make it easy to protect it
# differently than BOSH and Websocket HTTP interface.
port: 5281
ip: "127.0.0.1"
module: ejabberd_http
request_handlers:
"/oauth": ejabberd_oauth
"/api": mod_http_api
commands_admin_access:
- allow:
- user: "admin@domain.com"
commands:
- add_commands: [user, admin, open]
auth_expire: 31536000
oauth_access: all
And added the mod_admin_extra: {} module
But i can't figure out how to get the oauth token.
I try `curl
but get this: curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Also, I use a reverse proxy for port 5281:
location / {
#try_files $uri $uri/ =404;
proxy_pass
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
The listener in port 5281 is
The listener in port 5281 is not configured to use any encryption, but later in curl you request an https page.
Oh, okay. I removed the
Oh, okay. I removed the reverse proxy for now. I am now calling http.
So i can now get a webpage when i put this in a browser
and when i try to log in, I get redirected to this url
But I get a "connection was reset" error. I do not have a firewall or anything blocking connection in use
Edit: Reading through the docs again, I wonder if this way is tied to an application which is listening for it? So the redirect? My intension was just to recieve a token so I could use it in a script
Edit2: Here is any relevant updated config parts:
listen: - port: 4560 module: ejabberd_xmlrpc access_commands: {} - port: 5280 ip: "0.0.0.0" module: ejabberd_http request_handlers: ## "/pub/archive": mod_http_fileserver "/websocket": ejabberd_http_ws "/log": mod_log_http # OAuth support: "/oauth": ejabberd_oauth # ReST API: "/api": mod_http_api web_admin: true http_poll: true http_bind: true ## register: true captcha: true disable_sasl_mechanisms: ["digest-md5"] command_admin_access: xmlrpc acl: admin: user: - "admin": "domain.com" xmlrpc: user: - "admin": "domain.com" access: xmlrpc: xmlrpc: allow modules: mod_rest: {} mod_admin_extra: {}> Edit: Reading through the
> Edit: Reading through the docs again, I wonder if this way is tied to an application which is listening for it? So the redirect?
Looking at the documentation, it seems so.
Configure access like this:
commands_admin_access: configure commands: - add_commands: - user - restricted oauth_expire: 3600 oauth_access: allThen you can run this in a shell:
Then, if that's good, you can enable some module to run this command from somewhere else, like ejabberd_xmlrpc or mod_rest.
No dice :( I pretty much copy
No dice :(
I pretty much copy pasted the above config (and checked the docs) but got this error:
root@host:/etc/ejabberd# ejabberdctl oauth_issue_token 3600 "sasl_auth" Problem 'error undef' occurred executing the command. Stacktrace: [{oauth2,authorize_password, [{<<"admin">>,<<"domain.com">>}, [<<"sasl_auth">>], admin_generated], []}, {ejabberd_oauth,oauth_issue_token,3, [{file,"src/ejabberd_oauth.erl"},{line,138}]}, {ejabberd_ctl,call_command,4, [{file,"src/ejabberd_ctl.erl"},{line,324}]}, {ejabberd_ctl,try_call_command,4, [{file,"src/ejabberd_ctl.erl"},{line,298}]}, {ejabberd_ctl,process2,4, [{file,"src/ejabberd_ctl.erl"},{line,247}]}, {ejabberd_ctl,process,2, [{file,"src/ejabberd_ctl.erl"},{line,225}]}, {rpc,'-handle_call_call/6-fun-0-',5, [{file,"rpc.erl"},{line,187}]}]Would this be a bug to be reported?
That error says that erlang
That error says that erlang couldn't fin the definition of the function authorize_password with three arguments in a module called oauth2. This usually means it couldn't find the file oauth.beam. That module is included in a dependency that ejabberd source code downloads automatically during compillation, or is already included in the binary installers.