JWT secret to use with ejabberd?
I'm following these:
- https://www.process-one.net/blog/ejabberd-19-08/
- https://docs.ejabberd.im/admin/configuration/authentication/#jwt-authentication
and have created a secret.key like below using https://mkjwk.org/ to match the example in the first URL above:
According to https://auth0.com/blog/navigating-rs256-and-jwks/ because this is an HS type:
"Simply put HS256 must share a secret with any client or API that wants to verify the JWT"
So I naively assumed to use the "k" as the secret to sign the JWT on the server issuing the JWT to use in the password field of any XMPP client (stanza.io and pidgin on the desktop).
What am I misunderstanding? I have confirmed ejabberd starts up correctly with (via ejabberdctl live and loglevel 4):
auth_method: [jwt, ldap]
jwt_key: /opt/ejabberd/conf/secret.jwk
and that I can still authenticate with a password in our Directory Server, but I can't with the JWT. I don't think I'm generating it correctly because I'm just signing it like a normal shared key JWT.
Thanks, Gavin.
I was able to authenticate using jwt token, signed the JWT using "k", placed key set `
"keys": [
{
"kty": "oct",
"use": "sig",
"kid": "",
"k": "",
"alg": "HS256"
}
]
` in secret.jwk. And after passing jabber id & jwt token in strophe.connect() it got connected. this is the backend configuration I had
`auth_method: [jwt, sql]
jwt_key: /usr/local/etc/ejabberd/secret.jwk
default_db: sql
new_sql_schema: true
sql_type: mysql
access_rules:
jwt_only:
deny: admin
allow: all
local:
allow: all
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: all
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
jwt_auth_only_rule: jwt_only`
- Reactjs and Nodejs access/refresh jwt token authentication
- Why is lexik-jwt bundle returning an empty token with correct credentials?
- Is there a way to keep oauth2 token for infinite time?
- Issue with JWT token authentication in PyGithub
- io.jsonwebtoken.UnsupportedJwtException: Signed Claims JWSs are not supported
- Why and how to put secrets in environment variables in Node.js?
- Best Practices for Associating userId (from JWT) with Google OAuth Tokens
- How to generate a HS512 secret key to use with JWT
- IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize
- Block API access for any other resource except Frontend
- Can i config Main App of Pyramid with JWT pyramid-jwt and SessionAuthenticationPolicy
- JWT token not yet valid
- Firebase ID token has invalid signature even on jwt
- More accurate JWT token regex in JavaScript
- Error: secretOrPrivateKey must be an asymmetric key when using RS256. What is happening?
- How to get a token from ASP.NET core client
- How do I use JWT token authentication for API requests with rest_framework_simplejwt without needing user identification?
- Twilio Access Token - how can I check that JWT token (created with Twilio) is expired, from Swift side?
- Securing JWT tokens against attackers
- Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
- How to avoid multiple token refresh requests when making simultaneous API requests with an expired token
- Google Cloud: sign a JWT while impersonating a service account
- How to generate a refresh token?
- How to avoid multiple refresh token call, if there are multiple API calls get unauthorized because access token expired
- CSRF token requirement if implemented JWT
- Creating JWT in Coldfusion for google Service account
- Unexpected JWT alg received, expected RS256, got: HS256
- API can't access to private endpoints (403 Forbidden) even though user is authenticated
- Why do I get a "io.jsonwebtoken.ExpiredJwtException"?
- .NET Core 3.1 GoogleSignIn -The authentication handler registered for scheme 'Bearer' is 'JwtBearerHandler' which cannot be used for SignInAsync