XEP-0070 is a known specification of how verify HTTP requests via XMPP. It has basically 8 steps.
In the Media Server, when a HTTP request arrives, the HTTP side forwards the request to a AuthVerifier class, this class has control over an XMPP component, to send and receive packets in a synchronous way, via a SyncReplySend util class. Once the AuthVerifier class receives the request, it "asks" if the client has sent it, if yes, the request is authorized, if not, the HTTP side returns a 403 error.
Here is the sequence diagram:
To send its credentials, the client has two options:
- Via HTTP auth: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
- Via URL: /firstname.lastname@example.org?auth=QWxhZGRpbjpvcGVuIHNlc2FtZQ==In both ways, the client's JID and transaction id, are separated by a ; and are base 64 encoded.This week, we hope to do the first deploy, to finally see the Media Server running in a production environment!