XEP-0070 is a known specification of how to verify HTTP requests via XMPP. It has basically 8 steps.
In the Media Server, when an HTTP request arrives, the HTTP side forwards it to an AuthVerifier class. This class controls an XMPP component and uses a SyncReplySend utility class to send and receive packets synchronously. Once the AuthVerifier class receives the request, it "asks" whether the client sent it: if yes, the request is authorized; if not, the HTTP side returns a 403 error.
Here is the sequence diagram:
To send its credentials, the client has two options:
- Via HTTP auth: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
- Via URL: /email@example.com?auth=QWxhZGRpbjpvcGVuIHNlc2FtZQ==

In both cases, the client's JID and transaction id are separated by a ; and are base64 encoded.

This week, we hope to do the first deploy, to finally see the Media Server running in a production environment!
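The credential format described above can be parsed strictly before any XMPP confirmation is sent. The following is an added example, not the Media Server's own code: the function names, the last-`;` split rule and the policy of rejecting conflicting header and URL credentials are assumptions, and the sample values are constructed.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

SEPARATOR = ";"  # per the post: JID and transaction id are joined by ';'

def decode_credentials(token):
    """Return (jid, transaction_id), or None if the token is malformed."""
    try:
        # validate=True rejects stray characters instead of silently skipping
        # them; a '+' that arrived un-escaped in a URL shows up as a space here.
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    # Assumption: the transaction id never contains ';', so split on the last one.
    jid, sep, tid = raw.rpartition(SEPARATOR)
    if not sep or not jid or not tid:
        return None
    return jid, tid

def extract_credentials(url, headers):
    """Fail closed: return None (answer 403, send nothing over XMPP) when the
    credentials are missing, malformed, duplicated or conflicting."""
    found = []
    header = headers.get("Authorization", "")
    if header:
        scheme, _, token = header.partition(" ")
        if scheme.lower() != "basic":
            return None
        found.append(decode_credentials(token.strip()))
    values = parse_qs(urlsplit(url).query).get("auth", [])
    if len(values) > 1:
        return None
    if values:
        found.append(decode_credentials(values[0]))
    if not found or None in found or len(set(found)) != 1:
        return None
    return found[0]

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    token = base64.b64encode(b"alice@example.com;tx-1234").decode()
    print(extract_credentials("/alice@example.com?auth=" + token, {}))
    print(extract_credentials("/alice@example.com?auth=" + token,
                              {"Authorization": "Basic bm90LXZhbGlk"}))
```

Only a non-None result should be handed on for the XMPP confirmation; everything else is answered with 403 directly.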