ejabberd extauth script to use OpenID Connect with the Resource Owner Password Grant Flow
Project description
ejabberd extauth script for OIDC Password Grant Flow
This script enables the use of OIDC providers for password login in ejabberd. It uses the Password Grant, which is considered legacy. However, with ejabberd lacking proper OIDC support, it is a viable work-around.
Installation
It is best to install the script using pipx:
sudo pipx install ejhabberd-extauth-oidc-password
This makes the script available at /usr/local/bin/ejabberd_extauth_oidc_password.
Configuration
Configuring the script
The script needs the following information about the OIDC provider:
- Issuer URL
- Token URL
- Client ID
- Client secret
Then, the script can be configured in /etc/ejabberd/extauth/oidc_password.yml:
handler:
test.example.com: # one block per XMPP server domain
issuer: https://idp.example.com
token_url: https://idp.example.com/oauth/token/
client_id: myclient_abcd
client_secret: top_secret
Configuring ejabberd
For ejabberd, follow the instructions for configuring external authentication.
Set extauth_program to /usr/local/bin/ejabberd_extauth_oidc_password.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ejabberd_extauth_oidc_password-1.0.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 12025ff2bcd7397eb626f23f36cf0e1c60b5d8c72337a725dbf39e520d0667bb |
|
| MD5 | 02883383911755fa20f9fa14585e93c8 |
|
| BLAKE2b-256 | a6fc37289c605dc4dc2ff66ef1e9df7fd6647ba7e65feb882550f155288a8847 |
Hashes for ejabberd_extauth_oidc_password-1.0.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 803917d5b2627b7ac5fa7dc4cad9d9d7e6a30a0b19cbf7056ee2da1b68edbc57 |
|
| MD5 | e23a2cec63fb73e7d702a36f8b3a52a7 |
|
| BLAKE2b-256 | 5d5534ce54d542e367fc69dd75b7b3a0a888406559dc10b76118d79e9a2787db |
