prosody extauth

Adding authentication to Prosody

Prosody already works, but does not yet know about the Nextcloud users (or any users, for that matter). It is time to change this.

Create the following file, using the template in /opt/xmpp-cloud-auth/external_cloud.conf. Please verify that

• the url variable has the same value as the "API URL" field in the Nextcloud JSXC admin page you kept open in the previous step
• the secret variable uses the value from "Secure API token" ibidem

/etc/external_cloud.conf

# Example external_cloud.py configuration file
#
# Preferably put this in /etc,
# and make it readable only for the user the XMPP server is running under
#
# Config files are only supported if ConfigArgParse python module
# is installed. Install e.g. using "pip install ConfigArgParse".
# If "external_cloud.py -h" shows the "-c" option, it is installed.

# Type: ejabberd or prosody
#
#type=ejabberd
type=prosody

# URL: Where JSXC for Nextcloud (>=3.2.0) can be queried
# Shown in the Nextcloud JSXC administration settings
#
#url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php
url=https://example.org/index.php/apps/ojsxc/ajax/externalApi.php

# Secret: API token
# Shown in the Nextcloud JSXC administration settings
#
#secret=0123456789ABCDEF
secret=CHANGEME

# Log: Log directory
# In this directory, extauth.{log,err} will be created
#
#log=/var/log/ejabberd
log=/var/log/prosody

# Debug: Log more
#
#debug

⚠️ Anyone knowing the API token can authenticate as any user to the XMPP server. So please make sure it does not fall into the wrong hands. This also means that any file with it should be protected from prying eyes:

chown prosody:prosody /etc/external_cloud.conf
chmod 600 /etc/external_cloud.conf

Next: Enjoy your fully JSXC-chat-enabled Nextcloud!