# ejabberd extauth script for OIDC Password Grant Flow
This script enables the use of OIDC providers for password login in ejabberd.
It uses the [Password Grant](https://oauth.net/2/grant-types/password/), which
is considered legacy. However, with ejabberd [lacking proper OIDC support](https://github.com/processone/ejabberd/issues/3437),
it is a viable work-around.
## Installation
It is best to install the script using `pip` until it gets available in distributions:
```shell
sudo pip install --break-system-packages ejhabberd-extauth-oidc-password
```
This makes the script available at `/usr/local/bin/ejabberd_extauth_oidc_password`.
## Configuration
### Configuring the script
The script needs the following information about the OIDC provider:
* Issuer URL
* Token URL
* Client ID
* Client secret
Then, the script can be configured in `/etc/ejabberd/extauth/oidc_password.yml`:
```yaml
handler:
test.example.com: # one block per XMPP server domain
issuer: https://idp.example.com
token_url: https://idp.example.com/oauth/token/
client_id: myclient_abcd
client_secret: top_secret
```
### Configuring ejabberd
For ejabberd, follow the instructions for [configuring external authentication](https://docs.ejabberd.im/admin/configuration/authentication/#external-script).
Set `extauth_program` to `/usr/local/bin/ejabberd_extauth_oidc_password`.
Raw data
{
"_id": null,
"home_page": "https://codeberg.org/Natureshadow/ejabberd-extauth-oidc-password",
"name": "ejabberd-extauth-oidc-password",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.11",
"maintainer_email": null,
"keywords": "ejabberd, xmpp, oidc",
"author": "Dominik George",
"author_email": "nik@naturalnet.de",
"download_url": "https://files.pythonhosted.org/packages/dc/24/9f9450f34ecb3f7f0fac075adf33a667fd9a186b1fc31ce817af17b2fa7e/ejabberd_extauth_oidc_password-1.0.1.tar.gz",
"platform": null,
"description": "# ejabberd extauth script for OIDC Password Grant Flow\n\nThis script enables the use of OIDC providers for password login in ejabberd.\nIt uses the [Password Grant](https://oauth.net/2/grant-types/password/), which\nis considered legacy. However, with ejabberd [lacking proper OIDC support](https://github.com/processone/ejabberd/issues/3437),\nit is a viable work-around.\n\n## Installation\n\nIt is best to install the script using `pip` until it gets available in distributions:\n\n```shell\nsudo pip install --break-system-packages ejhabberd-extauth-oidc-password\n```\n\nThis makes the script available at `/usr/local/bin/ejabberd_extauth_oidc_password`.\n\n## Configuration\n\n### Configuring the script\n\nThe script needs the following information about the OIDC provider:\n\n* Issuer URL\n* Token URL\n* Client ID\n* Client secret\n\nThen, the script can be configured in `/etc/ejabberd/extauth/oidc_password.yml`:\n\n```yaml\nhandler:\n test.example.com: # one block per XMPP server domain\n issuer: https://idp.example.com\n token_url: https://idp.example.com/oauth/token/\n client_id: myclient_abcd\n client_secret: top_secret\n```\n\n### Configuring ejabberd\n\nFor ejabberd, follow the instructions for [configuring external authentication](https://docs.ejabberd.im/admin/configuration/authentication/#external-script).\nSet `extauth_program` to `/usr/local/bin/ejabberd_extauth_oidc_password`.\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "ejabberd extauth script to use OpenID Connect with the Resource Owner Password Grant Flow",
"version": "1.0.1",
"project_urls": {
"Homepage": "https://codeberg.org/Natureshadow/ejabberd-extauth-oidc-password",
"Repository": "https://codeberg.org/Natureshadow/ejabberd-extauth-oidc-password"
},
"split_keywords": [
"ejabberd",
" xmpp",
" oidc"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "88fe1d4e8d8d9e3b43b472bf689959a674c8f50dd74f7b45c9b807f125cc6bce",
"md5": "4c098aa13c3d7eed95ffd577ba9a5d1f",
"sha256": "d801e2e0087ea215d46e1064da669ac8d8e373f8b1796076d36979cb7c5ab22e"
},
"downloads": -1,
"filename": "ejabberd_extauth_oidc_password-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4c098aa13c3d7eed95ffd577ba9a5d1f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.11",
"size": 3017,
"upload_time": "2024-07-22T20:52:44",
"upload_time_iso_8601": "2024-07-22T20:52:44.965601Z",
"url": "https://files.pythonhosted.org/packages/88/fe/1d4e8d8d9e3b43b472bf689959a674c8f50dd74f7b45c9b807f125cc6bce/ejabberd_extauth_oidc_password-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "dc249f9450f34ecb3f7f0fac075adf33a667fd9a186b1fc31ce817af17b2fa7e",
"md5": "0aee9ed050157ef85f273429e5b503c3",
"sha256": "5da3154a9110f2705d985689fddd03885931742833537a24fa29db20c8b7a174"
},
"downloads": -1,
"filename": "ejabberd_extauth_oidc_password-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "0aee9ed050157ef85f273429e5b503c3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.11",
"size": 2282,
"upload_time": "2024-07-22T20:52:46",
"upload_time_iso_8601": "2024-07-22T20:52:46.416745Z",
"url": "https://files.pythonhosted.org/packages/dc/24/9f9450f34ecb3f7f0fac075adf33a667fd9a186b1fc31ce817af17b2fa7e/ejabberd_extauth_oidc_password-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-22 20:52:46",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": true,
"codeberg_user": "Natureshadow",
"codeberg_project": "ejabberd-extauth-oidc-password",
"lcname": "ejabberd-extauth-oidc-password"
}
JSON