
When to explicitly set the authzid of the XMPP connection configuration

Version used: 4.3.4

I’m trying to understand when I should be setting the authzid value in my XMPP connection configuration. The ConnectionConfiguration.setAuthzid documentation says:

In general, callers should allow the server to select the authorization identifier automatically, and not call this.

However, when this value is not set, the encrypted authentication string sent along with the authentication packet is different than if it is included as part of the configuration. I noticed this while testing integration into various XMPP servers which are not under my control. For some, it doesn’t seem to matter whether the authzid is explicitly set, the server authenticates the user fine even though the sent <auth/> packet has a different encrypted authentication string. For others, if I do not explicitly set the authzid, I get this error:

org.jivesoftware.smack.sasl.SASLErrorException: SASLError using PLAIN: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1200)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
at java.lang.Thread.run(Thread.java:745)

What I am wondering is when/why should consumers of the Smack library be setting this value? I understand that for authentication mechanisms that do not support authzid we wouldn’t want that value to be set, however, if the library returns true for SASLMechanism.authzidSupported authentication is being used and no authzid value has been provided, could one be created and set internally (I believe an EntityBareJid is needed for this)?

I understand if there are technical reasons this cannot be done, I am just trying to understand what those are or what I am missing/not understanding. I am neither an expert with Smack nor with XMPP, so it is very likely I am missing something.

Thanks in advance for any help/insight, it is much appreciated.

Well, obviously if you configure Smack to send additional metadata then it will send it. :wink:

I expect authzid to be optional. From RFC 4422 § 3.4.1:

If the authorization identity string is absent, the client is
requesting to act as the identity the server associates with the
client’s credentials. An empty string is equivalent to an absent
authorization identity.

If servers return an error if it is not set, then it is a bug in the server implementation.

That is simple: Whenever you want to make use of this feature (most people won’t). Otherwise you do not need to set it.

Not in a robust fashion, because, strictly speaking, your JID is not known until binding, which happens later. Also this is the category “workaround for broken (server) implementations”, which are usually not included in Smack.
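
Added example, not part of either post and not Smack's own code: the string inside the `<auth/>` element for SASL PLAIN is the RFC 4616 message `[authzid] NUL authcid NUL passwd`, base64-encoded, so it changes as soon as an authzid is included. The sketch below builds both variants with the JDK only and decodes them again; the credentials and the bare-JID form of the authzid are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class SaslPlainAuthzidDemo {

    // RFC 4616: message = [authzid] NUL authcid NUL passwd, UTF-8 encoded.
    static byte[] plainMessage(String authzid, String authcid, String passwd) {
        // An absent authzid and an empty one are equivalent (RFC 4422, 3.4.1).
        String az = (authzid == null) ? "" : authzid;
        return (az + '\0' + authcid + '\0' + passwd).getBytes(StandardCharsets.UTF_8);
    }

    // XMPP carries the SASL initial response base64-encoded inside <auth/>.
    static String authElement(byte[] message) {
        return "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>"
                + Base64.getEncoder().encodeToString(message) + "</auth>";
    }

    // Decode a captured payload back into its three fields for inspection.
    static String[] decode(String base64Payload) {
        String raw = new String(Base64.getDecoder().decode(base64Payload),
                StandardCharsets.UTF_8);
        String[] parts = raw.split("\0", -1); // -1 keeps empty fields
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a SASL PLAIN message");
        }
        return parts;
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not taken from the thread.
        String user = "juliet", domain = "example.org", pass = "r0m30myr0m30";

        byte[] without = plainMessage(null, user, pass);
        byte[] with = plainMessage(user + "@" + domain, user, pass);

        System.out.println(authElement(without));
        System.out.println(authElement(with));

        // Same authcid and password in both; only the first field differs.
        for (byte[] m : new byte[][] {without, with}) {
            String[] f = decode(Base64.getEncoder().encodeToString(m));
            System.out.printf("authzid='%s' authcid='%s' passwd-length=%d%n",
                    f[0], f[1], f[2].length());
        }
    }
}
```

Because the payload is only base64, anyone who can read the stream can recover the password, so PLAIN should only ever be sent over a TLS-protected connection.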
