librelist archives

« back to archive

Prebinding with php

Prebinding with php

From:
Amador Rosa Garrido
Date:
2015-03-25 @ 10:33
Hi! i've been doing some progress with my little own project, i'm a bit
stuck though trying to understand how prebinding works... I think I get the
idea that you don't auntenthicate via user+password rather you do it via
"tokens".

But I still have some problems. I took the repo from Michael Weibel to set
prebinding with php found in the converse documentation (sso support
examples).

When trying to adapt it to my own situation I find some parameters I don't
know how to set.

>class prebindgen{
> protected $xmppPrebind;
> protected $sessionInfo;
> public function __construct($xmpphost, $xmppbosh, $clientsresources){
> $this->xmppPrebind = new XmppPrebind($xmpphost, $xmppbosh,
$clientsresources, false, false);
> $this->xmppPrebind->connect($username,$password);
> $xmppPrebind->auth();
> $this->sessionInfo = $this->xmppPrebind->getSessionInfo();
> }
> public function jsonsession(){
> $jsonsession = json_encode($this->sessionInfo);
> return $jsonsession;
> }
>}

On the  XmppPrebind constructor 3rd parameter is what in the example they
define as 'Your XMPP Clients resource name' what is that?

Then with the connect function there are ($username and $password)
parameters, where do I get those from? the login form in my web page?

I'm having some problems to find some documentation about how prebinding
works...I would appreciate a lot any links with info about it ^^

Re: [conversejs] Prebinding with php

From:
Jc Brand
Date:
2015-03-25 @ 20:52
On Wed, Mar 25, 2015 at 11:33:14AM +0100, Amador Rosa Garrido wrote:
>    Hi! i've been doing some progress with my little own project, i'm a bit
>    stuck though trying to understand how prebinding works... I think I get
>    the idea that you don't auntenthicate via user+password rather you do it
>    via "tokens".
>    But I still have some problems. I took the repo from Michael Weibel to set
>    prebinding with php found in the converse documentation (sso support
>    examples).
>    When trying to adapt it to my own situation I find some parameters I don't
>    know how to set.
>    >class prebindgen{
>    >    protected $xmppPrebind;
>    >    protected $sessionInfo;
>    >    public function __construct($xmpphost, $xmppbosh, $clientsresources){
>    >            $this->xmppPrebin d = new XmppPrebind($xmpphost, $xmppbosh,
>    $clientsresources, false, false);
>    >            $this->xmppPrebind->connect($username,$password);
>    >            $xmppPrebind->auth();
>    >            $this->sessionInfo = $this->xmppPrebind->getSessionInfo();
>    >    }
>    >    public function jsonsession(){
>    >            $jsonsession = json_encode($this->sessionInfo);
>    >            return $jsonsession;
>    >    }
>    >}

>    On the  XmppPrebind constructor 3rd parameter is what in the example they
>    define as 'Your XMPP Clients resource name' what is that?

The resource is part of the JID which uniquely defines the device (or chat
client) which the user is using. It comes after the domain name.

For example if you are logged in with your mobile and laptop, you could have
two JIDs:

    me@example.com/laptop
    me@example.com/mobile

The resources values are "laptop" and "mobile". They don't have to be 
proper words,
They can also simply be random numbers or text.

>    Then with the connect function there are ($username and $password)
>    parameters, where do I get those from? the login form in my web page? 

Yes, this is one of the key questions when adding XMPP integration into your
app.

There are different approaches here which require varying levels of expertise.

Either you need to store the XMPP username and passwords of your users
somewhere, or alternatively you could implement some kind of scheme whereby you
send a one-time token which the server then validates against your website
before logging the user in.

The second approach requires customization of your XMPP server (something like
for example an external authentication script) and is therefore more
complicated, but also much more secure.

>    I'm having some problems to find some documentation about how prebinding
>    works...I would appreciate a lot any links with info about it ^^

Did you read the converse.js documentation? It's explained there and provides
links for further reading.

JC

Re: [conversejs] Prebinding with php

From:
Amador Rosa Garrido
Date:
2015-03-26 @ 07:15
Thanks, this helped me a lot!

2015-03-25 21:52 GMT+01:00 JC Brand <lists@opkode.com>:

> On Wed, Mar 25, 2015 at 11:33:14AM +0100, Amador Rosa Garrido wrote:
> >    Hi! i've been doing some progress with my little own project, i'm a
> bit
> >    stuck though trying to understand how prebinding works... I think I
> get
> >    the idea that you don't auntenthicate via user+password rather you do
> it
> >    via "tokens".
> >    But I still have some problems. I took the repo from Michael Weibel
> to set
> >    prebinding with php found in the converse documentation (sso support
> >    examples).
> >    When trying to adapt it to my own situation I find some parameters I
> don't
> >    know how to set.
> >    >class prebindgen{
> >    >    protected $xmppPrebind;
> >    >    protected $sessionInfo;
> >    >    public function __construct($xmpphost, $xmppbosh,
> $clientsresources){
> >    >            $this->xmppPrebin d = new XmppPrebind($xmpphost,
> $xmppbosh,
> >    $clientsresources, false, false);
> >    >            $this->xmppPrebind->connect($username,$password);
> >    >            $xmppPrebind->auth();
> >    >            $this->sessionInfo =
> $this->xmppPrebind->getSessionInfo();
> >    >    }
> >    >    public function jsonsession(){
> >    >            $jsonsession = json_encode($this->sessionInfo);
> >    >            return $jsonsession;
> >    >    }
> >    >}
>
> >    On the  XmppPrebind constructor 3rd parameter is what in the example
> they
> >    define as 'Your XMPP Clients resource name' what is that?
>
> The resource is part of the JID which uniquely defines the device (or chat
> client) which the user is using. It comes after the domain name.
>
> For example if you are logged in with your mobile and laptop, you could
> have
> two JIDs:
>
>     me@example.com/laptop
>     me@example.com/mobile
>
> The resources values are "laptop" and "mobile". They don't have to be
> proper words,
> They can also simply be random numbers or text.
>
> >    Then with the connect function there are ($username and $password)
> >    parameters, where do I get those from? the login form in my web page?
>
> Yes, this is one of the key questions when adding XMPP integration into
> your
> app.
>
> There are different approaches here which require varying levels of
> expertise.
>
> Either you need to store the XMPP username and passwords of your users
> somewhere, or alternatively you could implement some kind of scheme
> whereby you
> send a one-time token which the server then validates against your website
> before logging the user in.
>
> The second approach requires customization of your XMPP server (something
> like
> for example an external authentication script) and is therefore more
> complicated, but also much more secure.
>
> >    I'm having some problems to find some documentation about how
> prebinding
> >    works...I would appreciate a lot any links with info about it ^^
>
> Did you read the converse.js documentation? It's explained there and
> provides
> links for further reading.
>
> JC
>