powered by Jive Software

Custom Authentication?

It doesn’‘t seem like there is any facility for custom authentication, unless I’‘m missing something. I don’'t suppose there are any plans for this?

Basically I’'m experimenting with an IM client embedded in another application where the user has already logged in. The only credentials I can get from the application is an authentication token (which the IM server will happily accept in a customised IQ packet)

Would it cause issues if I simply sent a custom packet instead of logging in via the usual method? I guess SMACK would think I was not authenticated?


Hey John,

Unless you modify the XMPP server that you are using changing the way Smack authenticates will not be enough. After a user was authenticated in the server, the server will start accepting packets from the client. So sending other kind of packets to the server will not be enough unless you modify the server code.

When you say that the user has already logged in I’‘m assuming that you are referring to a login in the other application not in the XMPP server. So what you may want to implement is a kind of single sign on (SSO). So when logging in your application, you may automatically log in the user in the XMPP server too. So the user doesn’'t have to log in twice.

Another option, that I’'m not sure, is to use SASL EXTERNAL as a way to authenticate with the server. But, nor Smack or Jive Messenger have support for that.


– Gato

Hi Gaston

Thanks for your reply.

I should have been more clear - we have our own XMPP server which already does accept our authentication tokens for login.

I am looking for ways of using the SMACK API to logon this way.

I thought it would be nice if there was a pluggable feature for custom authentication - i.e. a PacketExtension parameter in the login method. Has this ever been discussed?