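I really need help! I have been fighting with OAuth authentication in Strophe.js and I am at my wits' end. I have gone through the documentation and the examples, but I just cannot get the OAuth mechanism to work.
I get this message from JS: INVALID TOKEN!!!!!!!
I am on the verge of going crazy! My brain is melting. Here is the code snippet that is driving me mad: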
    const xmppServer = 'my-chat.de';
    const xmppUsername = 'admin';
    const oauthToken = 'XXXXXXXXXXXXXXXXXiUQJZ8jrziUn8Qd';
    const boshEndpoint = `https://${xmppServer}/bosh`;
    const from = `${xmppUsername}@${xmppServer}`;
    const to = '[email protected]';

    // Connection to bosh.
    const connection = new Strophe.Connection(boshEndpoint);
    const saslOAuthBearer = new Strophe.SASLMechanism(connection);
    saslOAuthBearer.priority = 30; // Also tried 40
    saslOAuthBearer.isClientFirst = false;
    saslOAuthBearer.test = function() {
        return true;
    };

    // Log every raw stanza received and sent.
    connection.rawInput = function(data) {
        console.log("RECEIVED:", data);
    };
    connection.rawOutput = function(data) {
        console.log("SENT:", data);
    };

    connection.connect(from, oauthToken, (status, condition) => {
        // First you register the mechanism
        if (status === Strophe.Status.CONNECTING) {
            console.log('Connecting to XMPP server...');
        } else if (status === Strophe.Status.CONNFAIL) {
            console.log('XMPP connection attempt failed.');
        } else if (status === Strophe.Status.AUTHENTICATING) {
            console.log('Authenticating...');
        } else if (status === Strophe.Status.AUTHFAIL) {
            console.log('XMPP authentication failed.');
        } else if (status === Strophe.Status.CONNECTED) {
            console.log('XMPP connection established.');
        } else if (status === Strophe.Status.DISCONNECTED) {
            console.log('XMPP connection disconnected.');
        } else if (status === Strophe.Status.DISCONNECTING) {
            console.log('Disconnecting from XMPP server...');
        } else if (status === Strophe.Status.REDIRECT) {
            console.log('XMPP connection redirected.');
        } else if (status === Strophe.Status.CONNTIMEOUT) {
            console.log('XMPP connection timeout.');
        } else {
            console.log('Unknown XMPP connection status:', status);
        }
    },
    null,
    null,
    xmppServer,
    {
        mechanism: 'X-OAUTH2',
        oauth_token: oauthToken
    });
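I am on the edge of a breakdown! It is as if Strophe.js were laughing at every attempt I make. Can someone throw me a lifeline and help me find out what black magic is keeping the OAuth mechanism from kicking in?
Strophe.js version: 1.6.0
XMPP server: 23.05
OAuth token (send log):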
SENT: <body rid="1534767099" sid="cfbc87bd0068b53002a98048d7cd86d3853e03fa" xmlns="http://jabber.org/protocol/httpbind"><auth mechanism="X-OAUTH2" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AGFkbWluQGxpZWJlcy1jaGF0LmRlADhMOFNUd1BQV1Fxxxxxxxxxxxxxxxxxxxxxxxx</auth></body>
RECEIVED: <body xmlns="http://jabber.org/protocol/httpbind"><failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><text xml:lang="en">Invalid token</text></failure></body>
root@xyz:/opt/ejabberd/conf# ejabberdctl oauth_list_tokens
XXXXXXXXXXXXXXXXXPUMWUrWxi7gikDN [email protected] [<<"ejabberd:user">>] 3567104 seconds
XXXXXXXXXXXXXXXXXKjRErde70gWwTR1 [email protected] [<<"ejabberd:user">>] 3568566 seconds
XXXXXXXXXXXXXXXXXiUQJZ8jrziUn8Qd [email protected] [<<"ejabberd:admin">>] 3564705 seconds
XXXXXXXXXXXXXXXXXjBwhau0C4nXvEpt [email protected] [<<"sasl_auth">>] 269402 seconds
XXXXXXXXXXXXXXXXX5QFXDaY89qcN7iA [email protected] [<<"ejabberd:admin">>] 269342 seconds
XXXXXXXXXXXXXXXXXtwZnjqzHPM4fZYv [email protected] [<<"sasl_auth">>,<<"get_roster">>] 269411 seconds
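I am using Strophe.js for XMPP communication with an ejabberd server. Everything works fine with username and password, but OAuth authentication is giving me trouble.
I tested my token with python3 and successfully created the token using an HTTP OAuth request:
This test works:

    import xmlrpc.client as client

    server_url = 'http://my-chat.de:4560/'
    server = client.ServerProxy(server_url)
    # Authenticate the XML-RPC call with the OAuth token instead of a password.
    LOGIN = {'user': 'admin', 'server': 'my-chat.de', 'token': 'xxxxxxxxxxxxxxxxxx', 'admin': False}

    def call(command, data):
        fn = getattr(server, command)
        return fn(LOGIN, data)

    result = server.get_roster(LOGIN, {'user': 'admin', 'server': 'my-chat.de'})
    print(result)

Forced to use X-OAUTH2: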
    listen:
      -
        port: 4560
        module: ejabberd_http
        request_handlers:
          ## Handle ejabberd commands using XML-RPC
          "/": ejabberd_xmlrpc
      -
        port: 5222
        ip: "::"
        module: ejabberd_c2s
        max_stanza_size: 262144
        shaper: c2s_shaper
        access: c2s
        starttls_required: true
      -
        port: 5223
        ip: "::"
        tls: true
        module: ejabberd_c2s
        max_stanza_size: 262144
        shaper: c2s_shaper
        access: c2s
        starttls_required: true
      -
        port: 5269
        ip: "::"
        module: ejabberd_s2s_in
        max_stanza_size: 524288
      -
        port: 5443
        ip: "::"
        module: ejabberd_http
        tls: true
        request_handlers:
          "/admin": ejabberd_web_admin
          "/api": mod_http_api
          "/bosh": mod_bosh
          "/captcha": ejabberd_captcha
          "/upload": mod_http_upload
          "/ws": ejabberd_http_ws
          "/oauth": ejabberd_oauth
          # "/xmpp-register": mod_register_web
          "/.well-known/acme-challenge": ejabberd_acme
      -
        port: 5280
        ip: "::"
        module: ejabberd_http
        request_handlers:
          /admin: ejabberd_web_admin
          /.well-known/acme-challenge: ejabberd_acme
          # /oauth: ejabberd_oauth
      -
        port: 3478
        ip: "::"
        transport: udp
        module: ejabberd_stun
        use_turn: true
        ## The server's public IPv4 address:
        # turn_ipv4_address: "203.0.113.3"
        ## The server's public IPv6 address:
        # turn_ipv6_address: "2001:db8::3"
      -
        port: 1883
        ip: "::"
        module: mod_mqtt
        backlog: 1000

    s2s_use_starttls: optional

    disable_sasl_mechanisms:
      - "SCRAM-SHA-512"
      - "SCRAM-SHA-512-PLUS"
      - "SCRAM-SHA-256"
      - "SCRAM-SHA-256-PLUS"
      - "SCRAM-SHA-1"
      - "DIGEST-MD5"
      - "PLAIN"

    oauth_expire: 2592000
    oauth_access: all
    oauth_client_id_check: db

    acl:
      admin:
        user:
          - admin
        ip:
          - <<<<<myipadress>>>>>
      local:
        user_regexp: ""
      loopback:
        ip:
          - 127.0.0.0/8
          - ::1/128

    access_rules:
      local:
        allow: all
      c2s:
        deny: blocked
        allow: all
      announce:
        allow: admin
      configure:
        allow: admin
      muc_create:
        allow: local
      pubsub_createnode:
        allow: local
      trusted_network:
        allow: loopback

    api_permissions:
      "console commands":
        from:
          - ejabberd_ctl
        who: all
        what: "*"
      "admin access":
        who:
          access:
            allow:
              - acl: admin
          oauth:
            scope: "ejabberd:admin"
            access:
              allow:
                - acl: admin
        what:
          - "*"
          - "!stop"
          - "!start"
        # from:
        #   - mod_http_api
      "public commands":
        who:
          ip: 127.0.0.1/8
        what:
          - status
      "user access":
        who:
          access:
            allow:
              - acl: all
          oauth:
            scope: "ejabberd:user"
            access:
              allow:
                - acl: all
        what:
          - "sasl_auth"
          - "get_roster"
          - "send_message"
          - "send_stanza"
          - "set_last"
          - "get_last"
Hi, I think I have found the problem. It seems to be a malformation problem. There is a problem with my string encoding.
When I decode my Strophe.js request, I get this:
    AGFkbWluQGxpZWJlcy1jaGF0LmRlAC9QSmZZNWlhb0xYUTdGbHhVdHR3Wm5qcXpIUE00ZlpZdg==
According to a Base64 decoder I get this:
    �[email protected]�/PJfY5iaoLXQ7FlxUttwZnjqzHPM4fZYv
But I think ejabberd expects this:
    [email protected]/PJfY5iaoLXQ7FlxUttwZnjqzHPM4fZYv
Self-encoded:
    YWRtaW5AbGllYmVzLWNoYXQuZGUvUEpmWTVpYW9MWFE3Rmx4VXR0d1puanF6SFBNNGZaWXY=
Either I am missing something here, or it is a bug.
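
An added example, not part of the original post, for inspecting the Base64 `<auth>` payload discussed above: the decoded request is three fields separated by NUL bytes (empty field, JID, token), and a text-oriented Base64 decoder renders those NUL bytes as "�". The JID and token below are constructed placeholders and the function names are hypothetical; it runs under Node.js.

```javascript
// Added example, not code from the original post.
const NUL = '\u0000';

// Frame three fields the way the decoded request in the post is laid out:
// authzid NUL authcid NUL secret (the first field may be empty).
function encodeSaslResponse(authzid, authcid, secret) {
  return Buffer.from([authzid, authcid, secret].join(NUL), 'utf8').toString('base64');
}

// Split a Base64 SASL response on NUL bytes and insist on exactly three
// fields, so a plain "jid/token" string is reported instead of accepted.
function decodeSaslResponse(b64) {
  const fields = Buffer.from(b64, 'base64').toString('utf8').split(NUL);
  if (fields.length !== 3) {
    throw new Error(`expected 3 NUL-separated fields, got ${fields.length}`);
  }
  const [authzid, authcid, secret] = fields;
  return { authzid, authcid, secret };
}

// Render non-printable bytes as \xNN so the separators are visible.
function visible(b64) {
  return Array.from(Buffer.from(b64, 'base64'))
    .map((b) => (b < 0x20 || b > 0x7e
      ? `\\x${b.toString(16).padStart(2, '0')}`
      : String.fromCharCode(b)))
    .join('');
}

// Compare the secret that went over the wire with the token the server issued.
function checkToken(b64, issuedToken) {
  const { secret } = decodeSaslResponse(b64);
  if (secret === issuedToken) return 'match';
  if (secret.includes(issuedToken)) return 'extra characters around token';
  return 'different token';
}

const SAMPLE_JID = 'admin@chat.example';                 // constructed
const SAMPLE_TOKEN = 'EXAMPLEtokenEXAMPLEtoken01234567'; // constructed
const wire = encodeSaslResponse('', SAMPLE_JID, SAMPLE_TOKEN);

console.log(visible(wire));
console.log(decodeSaslResponse(wire));
console.log(checkToken(wire, SAMPLE_TOKEN));
```

Passing the Base64 string from a `SENT:` log line to `visible()` and `checkToken()` shows byte for byte what the client put in each field, which can then be compared with the output of `ejabberdctl oauth_list_tokens`.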