S2S with Google is "not authorized"

I've been having trouble lately with S2S connections with Google servers, and I can't quite figure out why. Checking the network traffic, the conversation always goes like this:

Me: <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' from='seatribe.se' to='gmail.com' version='1.0'>
Google: <stream:stream id="57EB510CF8986F80" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" xmlns:db="jabber:server:dialback">
Me: <db:result from='seatribe.se' to='gmail.com'>4120649965</db:result>
Google: <stream:error><not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error></stream:stream>

(Sorry, I don't know how to properly quote XML on this forum. Apparently, entity-replacement of tags doesn't work, but if I leave the tags in, that doesn't work either. Please enlighten me.)

I'm not terribly experienced with the XMPP protocol, but checking the documentation, the "not-authorized" error seems to mean that Google expects some kind of authentication from my side, but it's no obvious to me what. The only thing that comes to mind might be some TLS certificate, but ejabberd doesn't seem to want to use TLS here. However, when looking at the logs, it says the following during the brief S2S conversation:

2017-12-22 14:05:17.611 [info] <0.897.0>@ejabberd_s2s:new_connection:456 New s2s connection started <0.960.0>
2017-12-22 14:05:17.611 [info] <0.960.0>@ejabberd_s2s_out:log_s2s_out:1315 Trying to open s2s connection: seatribe.se -> gmail.com with TLS=true
2017-12-22 14:05:18.322 [info] <0.960.0>@ejabberd_s2s_out:wait_for_validation:486 wait for validation: seatribe.se -> gmail.com (xmlstreamend)

I'm not sure why it says "TLS=true", but then doesn't attempt to use it. Does anyone know? TLS does work for C2S connections, by the way.

As I'm a newcomer to this forum, I'm sorry if I'm missing something obvious, but I've been searching both here and on Google for this issue for a couple of days now, and it's not obvious to me what the problem is, at least.

(By the way, as an aside, is it really intentional that the forum should require Captchas just to preview the post? It made it quite annoying to try and figure out the proper XML code quoting, even though I failed in the end anyway.)

Hello, See:

I'm not sure what it is you

I'm not sure what it is you want to imply with that link. If you want to imply that Google is turning off federation with other domains, then the article even goes out of its way to explain that to not be the case. The article that it in turn links to explains that the only problem is that Google's Hangouts client does not properly handle messages from federated XMPP clients, which is not my problem, since I don't use the Hangouts client anywhere.

If I misunderstood your implications, I'm sorry, but then please do elaborate.

I've seen on multiple sites

I've seen on multiple sites that Google killed most of their xmpp interoperability. I'm not sure why they wouldn't, it is antithetical to everything they are doing..

Even if there is some interoperability left, it is likely only a matter of time before they remove it. It makes no sense at all for them to support it.


Syndicate content