I am making a chat app with Operfire server using Smack API. I want to implement the XEP-0235: OAuth Over XMPP or token based reconnection in my app. The doc is not giving much information, searched a lot but I did not get any answer.
How can I implement the extension?
I read XEP-xxxx: Token-based reconnection doc, U send the following iq packet as mention in extension.
<iq to='domain#example.com' id='60fG0-45' type='get'><query xmlns='erlang-solutions.com:xmpp:token-auth:0'</query></iq>
but not receiving any response from server.
I found a plugin on https://github.com/rxwen/openfire-oauth-auth-provider
but I don't know how to use it or is it what am I searching for.
Regarding XEP-0235: OAuth Over XMPP
The document contains WARNING in start as:
WARNING: This document has been automatically Deferred after 12 months of inactivity in its previous Experimental state. Implementation of the protocol described herein is not recommended for production systems. However, exploratory implementations are encouraged to resume the standards process.
The document of XEP-xxxx: Token-based reconnection contains WARNING as:
WARNING: This document has not yet been accepted for consideration or approved in any official manner by the XMPP Standards Foundation, and this document is not yet an XMPP Extension Protocol (XEP). If this document is accepted as a XEP by the XMPP Council, it will be published at http://xmpp.org/extensions/ and announced on the mailing list.
So it's clear that you will not find any such functionality in Openfire Server and also there are very rare chances to find some plugin implementing any of these XEP's.
Also for such requirements, it requires changes on both Server and Client ends which means Openfire Server and Smack library for Android both will have to implement it.
Related
This is what I want
A user(bot) that always shows status Online
When a message comes for the user, I will hit a webhook associated with the user
The response from the webhook request will be sent as reply to the sender
This user will be able to intercept any message (let's say for profanity moderation)
This user will be able to send message to anyone (let's say broadcast)
This user will come in every users roster as default(like echo bot of skype)
I can't seem to find any resource on how to achieve this. I've found a way to intercept the incoming packet in openfire but I don't see any easy way to do this with MongooseIM. I haven't started diving deep into the source code yet, still looking for a way to do this without touching the source code and locking myself to a specific version of MongooseIM.
Disclaimer: I'm on the MongooseIM core team.
There are multiple ways this could be achieved. The easiest way to achieve this depends on your familiarity with Erlang, the programming language MongooseIM is written in.
You won't need any Erlang to use the event pusher module with its HTTP backend and the default settings, but you'd need some Erlang to control what messages get forwarded to the HTTP service or to make more complex setups. To send messages back, you'd either need to use the MongooseIM REST API or connect as an ordinary XMPP client to the server using one of the many XMPP libs available out there. This is probably the best approach to achieve your goal.
You can skip using the event pusher and just connect your bot as an XMPP client written in any language whatsoever. The bot might have your business logic within or can forward messages it gets to the HTTP service.
If you're comfortable working in Erlang, then the mechanism to extend the server is called Hooks and handlers and is described in the official MongooseIM documentation. This requires writing code in Erlang and building from source, but does not necessarily require modifying upstream MongooseIM code.
You could use the XMPP component protocol, which allows to extend the functionality of an XMPP server, yet structure it as multiple services. The components may be written in any technology you want and the most popular XMPP libraries should support the component protocol out of the box.
Depending on your choice from the above list and the language and environment you prefer, you might have to pick an XMPP library to use. There are XMPP libs available for iOS (ObjC and Swift), Android (Java and Kotlin), Python, JavaScript, C, and even some emerging ones for Rust, Dart and possibly more.
How to implement a bot with ejabberd?
The idea is that on my (Debian 7.0 Wheezy) VPS, I'm running ejabberd and there I have a special bot Jabber user with limited set of commands that he can run. Let's call him butler#myvps.foo.
On another box (say, my android phone), I have a Jabber client connected to my account at possibly a third party server. Let's call it me#somewhere.bar.
Now I want ejabberd to:
allow only one specific Jabber ID, me#somewhere.bar to ever communicate with this
butler#myvps.foo.
have everything typed into chat with butler#myvps.foo passed to shell and executed
as a command, possibly in a chrooted or another protected environment (e.g. using
a specific limited user). (And the STDOUT + STDERR returned as a reply, of course.)
I understand there can be security risks, but for now I just want to know if this the way to go.
You can simply write a bot in any language and have it connect to the XMPP server as a client. A list of XMPP client libraries can be found here.
The bot can check the JID in the 'from' attribute of messages it receives to verify identity. It is not generally possible to forge a JID in XMPP, as servers authenticate their clients and also each other. In reality however it is only as secure as the authentication methods used (and the server containing no bugs).
To execute commands and read the results, a PTY is a good easy solution. There are PTY libraries available in many languages, including Python, Ruby and Lua.
You are right that security is an issue, as with any system. Years of effort have gone into securing ssh, and issues still arise occasionally.
It is worth noting that Google's XMPP server does not support encryption for server-to-server connections, so someone on a network between your XMPP server and Google's would be able to see your messages, and potentially modify and/or forge them completely.
And finally, even if they did support encryption for the server-to-server link... Google themselves technically have the ability to send messages as you, and your phone would also be a potential weak point.
Isolating the target process will remove a lot of security concerns. If the server runs on Linux, LXC containers might be a good solution for you.
Hopefully this covers all aspects of your question!
I am working on a project of P2P instant messenger, like ichat, but just for LAN.
I use jmdns library for service discovering, and test with pidgin and log in as a Bonjour user. as so far,the service _presence._tcp.local. is well discovered,
then we know the user's information in LAN like name#host:port, so how to start a conversation with Bonjour client ?
I looked into XMPP, but it do not support P2P, but I can hardly find the library for the extension jingle which supports P2P.
maybe I should use SIP to make a conversation? but the packet format is compatible with Bonjour ? or I have to study the structure of packet exchanged?
Can anyone explain a little about how does ichat work for LAN?
Many thanks for your kind help!
I think you're a little confused.
Bonjour is a mechanism for finding a service. It is not for communicating with a service. Once you have found the name#host:port information, you are finished with Bonjour.
The next step will require you to talk a protocol that the service understands. The token _presence in the service string indicates that this is an XMPP service. You will need to talk XMPP to it. You cannot talk SIP to it. Have you tried opening an XMPP connection to the host and port you have found?
You talk about SIP and Jingle. These are used to set up an audio or video call. If you are writing an instant messaging program, you do not need to do this. XMPP alone is enough.
If you do want to support audio or video, then you will need one of those protocols. Because the service you have found is an XMPP service, you will need to use Jingle. If you don't have a library that can speak Jingle, you will have to write the code yourself. There is nothing in the Bonjour information that identifies a SIP service, so you cannot use SIP - unless you can make a different Bonjour query and find a SIP service.
I infer that you are working in Java. The most popular XMPP library for Java seems to be Smack.
Thanks for everybody's attention, now I have found something. XMPP doesn't support P2P mode, only supports clients-server-clients. but there is another standard "XEP-0174: Serverless Messaging" which is right for p2p chat in local network. DNS-SD + XEP-0174 , ichat works in this way.
as I used smack library, it do not support p2P; but someone did some changes, here is the link
http://issues.igniterealtime.org/browse/SMACK-262 .
I didn't try this XMPPLLConnection, I have looked into the source code of smack, it is based on socket connection. unfortunately there is not any java library for XEP-1074, so I have to work on xml stream over socket.
You may use SIP for that. MDNS will be your discovery mechanism, then you'd use plain SIP for calling, one you learned the URI you wish to dial.
SIPSIMPLE SDK (http://sipsimpleclient.com) implements this feature by sing this expired draft: https://datatracker.ietf.org/doc/html/draft-lee-sip-dns-sd-uri-03 it could be a good start.
Basically your client would generate a URI like sip:random_stuff#ip:port and then publish it along with a display name by using MDNS. The application also browses MDNS for peers on the LAN: _sipuri._udp for example. Once you get some URI you can just dial using SIP.
Google GTalk clients (web, android, windows) have great ability to suck conversation history from server, even though conversations were done an another jabber client.
What jabber (XMPP) functionality (XEP) is used for that or is it some custom thing?
Why no other XMPP client (non Google) has this ability?
P.S. It is programming question, because I am asking about specific XMPP functionality.
It is possible that this is done using message archiving. See XEP-0136: http://xmpp.org/extensions/xep-0136.html
(And with regard to the other answer, this is supported by ejabberd: http://www.ejabberd.im/mod_archive)
Its a property of XMPP server not XMPP/Jabber client. All conversation happens through XMPP Server. So If server wants it can store all the history. As far as I know there is no open source XMPP server which can store history.
Google has it all.
I am not sure, but I think there is no specific XEP for storing history on server.
Server side XEP-0136 (message archiving) can be done with ejabberd + mod_archive (mod_archive_odbc variant with sql backend, for better perfomance) or with openfire server with open archive plugin.
Client side, for XEP-0136 I use vacuum im, http://code.google.com/p/vacuum-im/ , it's open-source and cross platform.
Beside the obvious person to person instant message chat, What else have you used a Jabber server's functionality to enable?
Edit: links to working code to really show it off are particularly useful - and will be more likely to be voted up.
There are unlimited uses for XMPP/Jabber.
Take any message/data you want to send somewhere else and you can use jabber. Run a centralised logging service for distributed services? You can jabber the massage.
You want to check if your services/programs are running? XMPP presence will tell you. If you add custom status messages you can see exactly what is going on.
This is why Cisco has got into the game. Picture a server farm where each blade has a built in mini jabber client. On boot up it will register it's presence to the central server as awaiting work. The central server fires off some work in it's direction and it then changes it's status to "Busy". Another blade finished it's work and changes it's status back to "Available"... rinse and repeat.
When you combine the actual jabber messages with it's Out Of Band abilities, these servers can post where the results of the job can be found.
Anything you can think of needing to pass a message can be done with XMPP to some degree. Be this person to person, program to program, or any combination.
You could use a Jabber server to handle/broker messages between a client application and another server application.
It can actually be pretty effective.
Not me but Martin Woodward used jabber to control a "build bunny" that displays the current status of the build server.
http://www.woodwardweb.com/gadgets/000434.html
XMPP is good for sending messages back and forth between computers that don't need to be broken into chunks. They also can't be terribly big. If you use the right library, it can be pretty easy to set up.
Sending messages to a web page. Proof-of-concept: esagila.com
I plan to use it to receive notifications from my system, such as:
Process did not finish
Report was not generated on time
User needs help
I already receive many of these messages as email. But receiving an IM could be much more effective.
You might want to look at Vertebra which is...
a framework for orchestrating complex processes in a Cloud. It is designed with an emphasis on security, fault tolerance, and portability.
From the knowledge base:
Why was XMPP chosen for Vertebra?
XMPP based instant messaging can be a good alternative to search engines for information that is small, complete in itself and required frequently and repeatedly. For example, your daily horoscope - you require it daily and it is not large.
To see an example of this add astro#askme.im to your list of contacts in your jabber client (Gmail Chat/Gtalk/or any other Jabber client) and then initiate chat with this contact by sending the word "help".
Also see www.askme.im for a whole list of chat based solutions.
I've used Jabber in the past to get email notifications. Nowadays I use it for low-priority nagios notifications, it is very useful and way cheaper than SMS:
We use xmpp as both a 'bus' and a real-time API at http://superfeedr.com
Iowa State University Department of Agronomy has created this with Jabber: http://mesonet.agron.iastate.edu/iembot/
If you're a weather freak like I am, this is VERY cool stuff!
Apple implements mobileme's push service using Jabber/XMPP's subscription services to send push notifications. That is the most widespread use of Jabber for non-IM purposes I know of. This article has more details.
My friends have also built a Jabber python bot, which is kinda cute but not all that useful :-)
Edit
The most recent Next Big Thing, Google Wave, uses Jabber under the hood. Further illustrates the power of the protcol.
We have used XMPP and BOSH to enable users to communicate with a webbrowser directly and in realtime from their phone.
For example Code you can view our open source API
The vooices site also has live examples where you can control a map and play a game using your phone via your web browser: http://www.vooices.us/
I've always thought XMPP would be a good way to deliver SNMP data. OIDs are really painful, much of the system is insecure, and the SNMP traps never work quite like you want them to. With an XMPP server in the middle and a smart component to make some choices, you can use it to send out jabber or other notifications, kick off restart jobs, update web pages, or whatever else you need.
The XML data is pretty small in this case, and you can have the one XMPP server both talk to humans in message stanzas, or computers with the same protocol.