Trying to access API from other server, but not authorized

Hi

So I have an Ejabberd server that gets roster and account information from a webserver. Now I need that webserver to access the Ejabberd API as well (to notify ejabberd when the roster has changed, there's another post about some issues with that in the development forum).

First thing is to generate an OAuth token, and for some reason not even that works currently:

% ejabberdctl oauth_issue_token web@xmpp.myserver.se 1000000 get_roster
{error,access_rules_unauthorized}

Here's my ejabberd.yml:

loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

hosts:
  - "xmpp.myserver.se"

listen:
  -
    port: 5222
    module: ejabberd_c2s
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/api": mod_http_api
      "/oauth": ejabberd_oauth
      "/websocket": ejabberd_http_ws
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: true

auth_method: custom
disable_sasl_mechanisms:
  ["X-OAUTH2"]

shaper:
  normal: 1000
  fast: 50000

max_fsm_queue: 1000

acl:
  admin:
    user:
      - "web@xmpp.myserver.se"
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    - 5000: admin
    - 100
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast

access_rules:
  local:
    - allow: local
  c2s:
    - deny: blocked
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - allow: local
  pubsub_createnode:
    - allow: local
  register:
    - allow
  trusted_network:
    - allow: loopback

language: "en"

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_blocking: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_irc: {}
  mod_http_bind: {}
  mod_last: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep"
  mod_roster:
    db_type: custom
  mod_shared_roster: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard:
    search: false
  mod_version: {}

allow_contrib_modules: true

# Allow OAuth authentication and token generation
commands_admin_access:
  - allow: all
    - user: "web@xmpp.myserver.se"
    - admin
commands:
  - add_commands: [user, admin, open]
oauth_expire: 360000
oauth_access: all

api_permissions:
  - "Admin access":
    - who:
      - user: "web@xmpp.myserver.se"
    - what:
      - "*"
      - "get_roster"

I've only removed comments.

Any hints?

I'm using ejabberd 16.12.
