User Authentication

There are similarities between user registration and user authentication:

  • Authentication must take place outside of a session context (it doesn’t really make sense inside a session context, anyway). It is perfectly possible to perform a user registration step followed by a user authentication step (for any user) in the same XML stream.

  • Any packets sent before the authentication step (apart from user registration packets) are queued until after the authentication step has been completed.

  • The IQ-get in the jabber:iq:auth namespace is not mandatory but is recommended (even more strongly than the recommendation for the IQ-get in the jabber:iq:register namespace).

Example 7-3 shows a typical authentication process, including the XML stream header exchange.

Example 7-3. A typical user authentication process

Here the authentication process immediately follows the initial XML stream header exchange:

SEND: <?xml version='1.0'?>
      <stream:stream to='yak' xmlns='jabber:client'
                     xmlns:stream='http://etherx.jabber.org/streams'>

RECV: <?xml version='1.0'?>
      <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
                     id='1ED34A55' xmlns='jabber:client' from='yak'>

We ask the server about the authentication methods available for our specific user:

SEND: <iq type='get'>
        <query xmlns='jabber:iq:auth'>
          <username>dj</username>
        </query>
      </iq>

RECV: <iq type='result'>
        <query xmlns='jabber:iq:auth'>
          <username>dj</username>
          <password/>
          <digest/>
          <sequence>496</sequence>
          <token>3B2DEEC0</token>
          ...
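The following is an added example, not code from the book: it parses an IQ-result like the one above, works out which methods the server offers, and builds the IQ-set with a digest credential in preference to the plaintext password. The digest formula (lowercase hex SHA-1 of the stream id followed by the password) and the <resource/> element come from XEP-0078, not from this excerpt; the function names, the closed-off sample XML, and whatever password and resource the caller passes in are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

AUTH_NS = "jabber:iq:auth"

# Constructed sample: the IQ-result from Example 7-3 with the elements the
# excerpt elides ("...") closed so that it parses.
SAMPLE_RESULT = (
    "<iq type='result'><query xmlns='jabber:iq:auth'>"
    "<username>dj</username><password/><digest/>"
    "<sequence>496</sequence><token>3B2DEEC0</token>"
    "</query></iq>"
)

def offered_methods(iq_result_xml):
    """Return the set of auth methods advertised in an IQ-result."""
    query = ET.fromstring(iq_result_xml).find(f"{{{AUTH_NS}}}query")
    if query is None:
        raise ValueError("no jabber:iq:auth query in result")
    tags = {child.tag.rsplit("}", 1)[-1] for child in query}
    methods = set()
    if "digest" in tags:
        methods.add("digest")
    if "password" in tags:
        methods.add("plaintext")
    if {"sequence", "token"} <= tags:
        methods.add("zerok")
    return methods

def digest_credential(stream_id, password):
    """Lowercase hex SHA-1 of stream id + password (XEP-0078 digest)."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

# password and resource are caller-supplied values (assumptions, not from the page)
def build_auth_set(iq_result_xml, stream_id, username, password, resource,
                   allow_plaintext=False):
    """Build the IQ-set, preferring digest; plaintext only if allowed."""
    methods = offered_methods(iq_result_xml)
    if "digest" in methods:
        cred = f"<digest>{digest_credential(stream_id, password)}</digest>"
    elif "plaintext" in methods and allow_plaintext:
        cred = f"<password>{escape(password)}</password>"
    else:
        raise RuntimeError("no acceptable authentication method offered")
    return (f"<iq type='set'><query xmlns='{AUTH_NS}'>"
            f"<username>{escape(username)}</username>{cred}"
            f"<resource>{escape(resource)}</resource></query></iq>")
```

The stream id passed in is the id attribute from the server's stream header (1ED34A55 in Example 7-3), so the digest is bound to that one stream and the password itself is not sent.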
