XIFF: Integrating with Facebook chat

Karthik · September 17, 2010, 9:34pm

Hi all,

I’m trying to implement Facebook chat using Flex and the XIFF library from Ignite Realtime, but running into some issues. I’m following the guidelines in the official doc (terrible): http://developers.facebook.com/docs/chat, and this forum post (good): http://forum.developers.facebook.net/viewtopic.php?pid=209721#p209721.

I implemented the X-FACEBOOK-PLATFORM SASL auth as a class extending XIFF’s SaslAuth. Here’s what my code looks like: http://pastebin.com/A6NbHTt6. However, it doesn’t work! See a sample session at the end of this post.

If anyone could shed some light on what’s going on, it would help me out a lot!

SESSION:

OUT: <?xml version="1.0" encoding="UTF-8"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="chat.facebook.com" xml:lang="en" version="1.0"> IN: <?xml version="1.0"?><stream:stream id="C78B06EB" from="chat.facebook.com" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" xml:lang="en"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> OUT: <auth mechanism="X-FACEBOOK-PLATFORM" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/> IN: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9N0JGOUNDRTZFODRBNzUzQjgxOUU0MkZBNjRFMzk2MTc=</challenge>
version=1&method=auth.xmpp_login&nonce=7BF9CCE6E84A753B819E42FA64E39617 OUT: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dj0xJTJFMCZtZXRob2Q9YXV0aCUyRXhtcHAlNUZsb2dpbiZzaWc9OTMxYzE0ZjM0MWE4ZTkyOTQ3
MTQyZDM2Zjk3YWQ0JmFwaSU1RmtleT1hYjQ2YTIxMWRiOWVjZWQwNDNlNjJhODUxNjkzOWJmZiZu
b25jZT03QkY5Q0NFNkU4NEE3NTNCODE5RTQyRkE2NEUzOTYxNyZzZXNzaW9uJTVGa2V5PTIlMkU1
UHZJZWRmSk8lNUZwZ09ZM0JmdlB0eWclNUYlNUYlMkUzNjAwJTJFMTI4NDcyMTIwMCUyRDEyMDkw
NTUmY2FsbCU1RmlkPTEyODQ3MTQ0NzY=</response> IN: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>

Mark_Walters · September 18, 2010, 3:29am

I’ve had it working locally for a while now. I’ll commit the code soon.

Mark_Walters · September 18, 2010, 3:45am

Ok… its committed.

Enjoy

Karthik · September 21, 2010, 7:20am

Thanks Mark! It works perfectly.

Rich_Rodecker · October 11, 2010, 3:31am

I’d love to see a sample of this. I keep getting a “not-authorized” error.

Rich_Rodecker · October 11, 2010, 10:09am

YEAH!!! I got it!

Rob13 · October 11, 2010, 10:44pm

Rich, can you post your working example?

I’m getting the same Authentication Error.

What did you have to do to resolve this?

Jeff18 · October 22, 2010, 2:52am

I would actually not use this implementation. Compiling your facebook app id and app secret into your application is a huge security risk as it is easy to decompile your app into plain text and get those values. We had to set up a rest endpoint that we pass the challenge to and it gets signed server side and passed back.

Anand · June 21, 2011, 9:47am

where is committed code? i am not able to find it.

Please let us know,because we are trying a lot but getting <failure… >. We are using X-Facebook Platform authentication mechanism.

Mark_Walters · June 21, 2011, 5:31pm

There is a class named XFacebookPlatform that handles the challenge response.

You can grab the latest code from our nightly builds here: http://www.igniterealtime.org/downloads/nightly_xiff.jsp