Persistent connection with Openfire server

Using

  • Converse JS v0.9.5 as web frontend for messenger

  • Openfire XMPP Server v3.10.2 as messenger’s backend

  • Web application itself is written in PHP.

For now, Openfire and the website have separate databases, but they are synchronized.

**What I want to achieve is:**

When a user signs in to the website, Converse JS must also log in and create a persistent connection with [Openfire XMPP Server][2] for the whole user session, until the user logs out.

What I’ve found

Googled a lot and researched on both Converse JS and Openfire websites.

I read that there is a prebind property and Single Session Support for Converse JS, which allow me to achieve what I want. They also provide a PHP library example for the website.

What I’ve done

Initial script for Converse JS looks like that:

    converse.initialize({
        bosh_service_url: 'https://bind.example.com',
        keepalive: true,
        jid: 'me@example.com',
        authentication: 'prebind',
        prebind_url: 'http://example.com/api/prebind',
        allow_logout: false
    });

As far as I understand whole process goes like below:


  1. sends jid to prebind_url which is http://example.com/api/prebind (take a look at configuration properties above)
  2. PHP backend receives jid (which is the username). To authenticate with the XMPP server, the password and login must be in plain text format. Converse JS, as far as I know, may send a request to http://example.com/api/prebind pretty much every time it needs (jid, sid, rid) in order to keep the user logged in to the messenger. So, on the PHP side, plain text authentication must be ready every time.
  3. PHP backend gets results from XMPP Server (jid, sid, rid) using [PHP library][5]
  4. Returns back jid, sid, rid as JSON

So question is

The confusion starts in the 2nd step: should I save the user's XMPP password and login in plain text format in PHP sessions because of XMPP authentication? Or am I getting it wrong, and is there a more secure way to achieve it?

And in the 3rd step, while testing with a working username and password, I'm getting an "Invalid challenge response received" error. Is there any working library for authenticating from PHP?
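
The trust boundary in steps 1 to 4 above, as an added example that is not part of the original post: the prebind endpoint takes the user's identity from the server-side website session rather than from the `jid` in the request, and returns only `jid`, `sid` and `rid`. It is written in JavaScript so it runs stand-alone, and the same checks apply in a PHP endpoint. `handlePrebind`, `openBoshSession` (a stand-in for the PHP BOSH library call in step 3) and the session shape are assumptions.

```javascript
// Added example (not the poster's code). openBoshSession is a hypothetical
// stand-in for the PHP BOSH library call in step 3.
class PrebindError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// Compare JIDs without the resource part and case-insensitively.
function bareJid(jid) {
  return String(jid).split('/')[0].trim().toLowerCase();
}

// session: server-side website session (assumed shape: { userJid, xmppSecret }).
// request: { secure, query: { jid } } as sent by Converse JS in step 1.
function handlePrebind(session, request, openBoshSession) {
  if (!request.secure) {
    // sid and rid together identify the live BOSH session; keep them off plain HTTP.
    throw new PrebindError(400, 'prebind must be requested over HTTPS');
  }
  if (!session || !session.userJid) {
    throw new PrebindError(401, 'no authenticated website session');
  }
  const asked = request.query && request.query.jid;
  if (asked !== undefined && bareJid(asked) !== bareJid(session.userJid)) {
    // The identity comes from the server-side session, never from the request.
    throw new PrebindError(403, 'jid does not match the signed-in user');
  }
  const bosh = openBoshSession(session.userJid, session.xmppSecret);
  const rid = Number(bosh.rid);
  if (!bosh.sid || !Number.isInteger(rid) || rid <= 0 ||
      bareJid(bosh.jid) !== bareJid(session.userJid)) {
    throw new PrebindError(502, 'unexpected BOSH session data');
  }
  // Step 4: return only the three fields Converse JS needs, never the secret.
  return { jid: String(bosh.jid), sid: String(bosh.sid), rid };
}

// Constructed sample data for a stand-alone run.
const demoSession = { userJid: 'me@example.com', xmppSecret: 'constructed-secret' };
const fakeBosh = (jid) => ({ jid: jid + '/converse', sid: 'constructed-sid', rid: 4711 });

function demo(jid, secure = true) {
  try {
    return handlePrebind(demoSession, { secure, query: { jid } }, fakeBosh);
  } catch (e) {
    return { error: e.status };
  }
}
console.log(demo('me@example.com'), demo('other@example.com'), demo('me@example.com', false));
```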