Authentication and XMPP

231 views
Skip to first unread message

Bjorn Roche

unread,
Jan 16, 2011, 11:04:29 AM1/16/11
to google-a...@googlegroups.com
Hey all,

I am planning to build a web app that provides ReST and XMPP to
custom-built clients. GAE seems like a good choice as google talk is
supposed to be part of the package, but I'm confused about how
authentication works with web vs XMPP. I realize I can either do my
own authentication or use google accounts for the web services.

With Google accounts authentication, how would the clients
authenticate into XMPP? Would it be sufficient to ask the user for
username/password? I assume that would get the user into XMPP, but not
the web services, since google protects its account login services
when doing this on the web. If this does work, what are the
implications? I'm not going to be able to build in features like
facebook connect, etc, right? What about portability away from Google?

If I manage my own user accounts, how can the clients use google's
XMPP services? Is this possible? I don't see any way to create XMPP
accounts or anything like that (user...@my-app.appspotchat.com seems
like something I should/could manage, but I don't see an API. If I let
everyone log in with the same account, can I prevent them from
changing the password?).

Any advice here is appreciated. Thanks,

bjorn

-----------------------------
Bjorn Roche
http://www.xonami.com
Audio Collaboration

Ryan

unread,
Jan 16, 2011, 5:21:37 PM1/16/11
to Google App Engine

Last I looked GAE's XMPP is limited to just sending <message/> stanzas
to your application, and having the application respond with a reply
<message/>. If you want to do anything more complicated with XMPP you
have to use your own servers or server components on some other
infrastructure. That said, you could still develop the REST interface
on GAE, and have your own XMPP server component act as a "proxy" to
the REST interface by marshaling incoming <iq/> request/responses to
the REST interface. Running your own XMPP servers on cheap linux
hosts and/or scaling server capacity with Rackspace or Amazon seems
like a viable solution (with all your data load on GAE you can just
use as many of the cheapest Amazon/Rackspace instances you need to
maintain client connections).

I'd love to see "full" support for XMPP on GAE, but given XMPP's
stateful nature I doubt we'll see it any time soon, if at all.

Thanks,
Ryan

On Jan 16, 9:04 am, Bjorn Roche <bj...@xowave.com> wrote:
> Hey all,
>
>         I am planning to build a web app that provides ReST and XMPP to  
> custom-built clients. GAE seems like a good choice as google talk is  
> supposed to be part of the package, but I'm confused about how  
> authentication works with web vs XMPP. I realize I can either do my  
> own authentication or use google accounts for the web services.
>
>         With Google accounts authentication, how would the clients  
> authenticate into XMPP?  Would it be sufficient to ask the user for  
> username/password? I assume that would get the user into XMPP, but not  
> the web services, since google protects its account login services  
> when doing this on the web. If this does work, what are the  
> implications? I'm not going to be able to build in features like  
> facebook connect, etc, right? What about portability away from Google?
>
>         If I manage my own user accounts, how can the clients use google's  
> XMPP services? Is this possible? I don't see any way to create XMPP  
> accounts or anything like that (user-n...@my-app.appspotchat.com seems  

bejayoharen

unread,
Jan 17, 2011, 9:05:10 PM1/17/11
to Google App Engine
Thanks for your feedback. I should have guessed. I'm not sure if
there's much point for me in developing the REST architecture on GAE
and then using something else for XMPP -- especially if I have to
manage users across the systems.

The XMPP implementation is... not well thought out :(

bjorn

Robert Kluin

unread,
Jan 17, 2011, 11:24:31 PM1/17/11
to google-a...@googlegroups.com
Having access to an XMPP service and running an XMPP service are two
totally different things. To use App Engine's XMPP service, your
users just need some type of jabber account to communicate with your
app. The service provider handles user-authentication, you could
probably ask for a pin or something to verify the user.

I am a bit unclear on what you are tying to do though, you mention
using Google Talk and a custom client. I've written apps that have
XMPP interfaces user can access via Google Talk (or their preferred
client), it works well. Look at the channel API for an example of a
'custom client' that uses XMPP on the back-end (well, partially at
least).

Robert

> --
> You received this message because you are subscribed to the Google Groups "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
>
>

Michael Davidson

unread,
Jan 18, 2011, 11:54:01 AM1/18/11
to Google App Engine
Robert is correct. The XMPP API does not provide an XMPP service for
your users to log into; it provides a way for your app to participate
in the XMPP network. It is analogous to the email API. Your users
don't get email accounts with your app, but your app can send email to
their existing accounts. The same is true of the XMPP API. Your app
can send XMPP traffic, but users have to have a place to receive it.

Michael

bejayoharen

unread,
Jan 18, 2011, 11:54:05 AM1/18/11
to Google App Engine
The Channel API is interesting, but it seems purpose built for
javascript. I could probably be made to work in other situations, but
it seems like it would be a hack. You ask what I am trying to
accomplish: I would like a situation where a client app (written in
any language) can access both my rest API and XMPP services with a
single set of credentials, or, indeed, at all. For example, it would
be nice if they could type their username and password into the app
and be able to connect to both the ReST API and the XMPP services
offered by google Talk. Asking them to sign up for another service is
not an option -- they should only have to sign up for one service at
most (Ideally they should just be able to connect from an existing
social network).

Now, because GAE offers access to google accounts, this essentially
breaks down into four questions: which authentication method and which
service.

1a. How would a user log on to ReST services using Google Accounts?
This isn't clear to me. It seems that a Cookie is required from a web
logon, which really doesn't work for a web service.
1b. How would a user log on to XMPP services using Google Accounts?
Presumably a simple username/password situation would work fine.
2a. How would a user log on to ReST services using "Build-your-own"
Accounts?
Anything can be done here. OAuth seems like the logical choice.
2b. How would a user log on to XMPP services using "Build-your-own"
Accounts?
User or Service would have to create an account on a separate service/
server since there is no way to create a Google Talk account.

So, Robert, you are quite right, I /have/ conflated access to and
control of XMPP service. But perhaps you can see why I made that
mistake.

Does anyone have any suggestions for an XMPP service I pay for that
scales well (I am not anticipating millions of users, but it's nice to
be prepared) and has a simple API for adding/removing users?

thanks,

bjorn

jons...@gmail.com

unread,
Feb 7, 2011, 1:16:45 AM2/7/11
to google-a...@googlegroups.com
Has anything come of this? I've run into the same issue.

What you want is an OAuth accessible API for Google's XMPP servers
like Twitter has. You can only log into Google XMPP with an
account/password. I have embedded devices that send messages and I
don't want the user's account/pw in them in case they get lost.

--
Jon Smirl
jons...@gmail.com

Reply all
Reply to author
Forward
0 new messages