XIFF: Integrating with Facebook chat

Hi all,

I’m trying to implement Facebook chat using Flex and the XIFF library from Ignite Realtime, but running into some issues. I’m following the guidelines in the official doc (terrible): http://developers.facebook.com/docs/chat, and this forum post (good): http://forum.developers.facebook.net/viewtopic.php?pid=209721#p209721.

I implemented the X-FACEBOOK-PLATFORM SASL auth as a class extending XIFF’s SaslAuth. Here’s what my code looks like: http://pastebin.com/A6NbHTt6. However, it doesn’t work! See a sample session at the end of this post.

If anyone could shed some light on what’s going on, it would help me out a lot!


OUT: <?xml version="1.0" encoding="UTF-8"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="chat.facebook.com" xml:lang="en" version="1.0"> IN: <?xml version="1.0"?><stream:stream id="C78B06EB" from="chat.facebook.com" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0" xml:lang="en"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> OUT: <auth mechanism="X-FACEBOOK-PLATFORM" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/> IN: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9N0JGOUNDRTZFODRBNzUzQjgxOUU0MkZBNjRFMzk2MTc=</challenge>
version=1&method=auth.xmpp_login&nonce=7BF9CCE6E84A753B819E42FA64E39617 OUT: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dj0xJTJFMCZtZXRob2Q9YXV0aCUyRXhtcHAlNUZsb2dpbiZzaWc9OTMxYzE0ZjM0MWE4ZTkyOTQ3
NTUmY2FsbCU1RmlkPTEyODQ3MTQ0NzY=</response> IN: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>

I’ve had it working locally for a while now. I’ll commit the code soon.

Ok… its committed.


Thanks Mark! It works perfectly.

I’d love to see a sample of this. I keep getting a “not-authorized” error.

YEAH!!! I got it!

Rich, can you post your working example?

I’m getting the same Authentication Error.

What did you have to do to resolve this?

I would actually not use this implementation. Compiling your facebook app id and app secret into your application is a huge security risk as it is easy to decompile your app into plain text and get those values. We had to set up a rest endpoint that we pass the challenge to and it gets signed server side and passed back.

where is committed code? i am not able to find it.

Please let us know,because we are trying a lot but getting <failure… >. We are using X-Facebook Platform authentication mechanism.

There is a class named XFacebookPlatform that handles the challenge response.

You can grab the latest code from our nightly builds here: http://www.igniterealtime.org/downloads/nightly_xiff.jsp