ejabberd extauth script to use OpenID Connect with the Resource Owner Password Grant Flow

Project description

ejabberd extauth script for OIDC Password Grant Flow

This script enables the use of OIDC providers for password login in ejabberd. It uses the Password Grant, which is considered legacy. However, with ejabberd lacking proper OIDC support, it is a viable work-around.

Installation

Until the script becomes available in distributions, it is best to install it using pip:

sudo pip install --break-system-packages ejabberd-extauth-oidc-password

This makes the script available at /usr/local/bin/ejabberd_extauth_oidc_password.

Configuration

Configuring the script

The script needs the following information about the OIDC provider:

  • Issuer URL
  • Token URL
  • Client ID
  • Client secret

Then, the script can be configured in /etc/ejabberd/extauth/oidc_password.yml:

handler:
  test.example.com:  # one block per XMPP server domain
    issuer: https://idp.example.com
    token_url: https://idp.example.com/oauth/token/
    client_id: myclient_abcd
    client_secret: top_secret

Configuring ejabberd

For ejabberd, follow the instructions for configuring external authentication. Set extauth_program to /usr/local/bin/ejabberd_extauth_oidc_password.
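
How an extauth program of this kind answers ejabberd can be sketched as follows. This is an added example, not the project's own code. It assumes ejabberd's length-prefixed extauth framing and the RFC 6749 password grant; the function names, the openid scope and the rule that an HTTP 200 from the token endpoint counts as success are assumptions, and validation of the returned ID token against issuer is left out.

```python
import struct
from urllib.parse import urlencode

# Constructed config mirroring the handler block in oidc_password.yml.
HANDLERS = {"test.example.com": {
    "issuer": "https://idp.example.com",
    "token_url": "https://idp.example.com/oauth/token/",
    "client_id": "myclient_abcd",
    "client_secret": "top_secret",
}}
# Constructed sample request; the password contains ':' on purpose.
_PAYLOAD = b"auth:alice:test.example.com:p:w"
SAMPLE = struct.pack(">H", len(_PAYLOAD)) + _PAYLOAD

def read_frame(buf):
    """Decode an extauth request: 2-byte big-endian length, then op:user:server:password."""
    (size,) = struct.unpack(">H", buf[:2])
    payload = buf[2:2 + size]
    if len(payload) != size:
        raise ValueError("truncated extauth frame")
    # Split at most 3 times: the password comes last and may contain ':'.
    return payload.decode("utf-8").split(":", 3)

def write_result(ok):
    """Encode the reply: length 2, then 1 for success or 0 for failure."""
    return struct.pack(">HH", 2, 1 if ok else 0)

def token_request(server, user, password):
    """Build the RFC 6749 section 4.3 password-grant POST, or None for an unknown domain."""
    cfg = HANDLERS.get(server)
    if cfg is None:
        return None  # no handler block for this XMPP domain: fail closed
    body = urlencode({
        "grant_type": "password", "username": user, "password": password,
        "scope": "openid",  # assumption: the IdP issues an ID token for this scope
        "client_id": cfg["client_id"], "client_secret": cfg["client_secret"],
    })
    return cfg["token_url"], body

def handle(buf, post):
    """Answer one frame; post(url, body) is the caller's HTTP client and returns the status code."""
    parts = read_frame(buf)
    if len(parts) != 4 or parts[0] != "auth":
        return write_result(False)  # isuser, setpass, ... are not served here
    _, user, server, password = parts
    req = token_request(server, user, password)
    return write_result(req is not None and post(*req) == 200)
```

The request body carries both the user's password and the client secret, so it should never be written to logs, and the YAML file holding client_secret should be readable only by the account ejabberd runs the script as.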

Download files

Source Distribution

ejabberd_extauth_oidc_password-1.0.1.tar.gz (2.3 kB)
