Nextcloud/XMPP with differents username/password

[FlorentCoppint]

Hi,
Is there any reason why for now, we need exact same username/password for Nextcloud & XMPP server ?
Could it be possible, to let user enter its XMPP settings ?
For example, Mail app is doing this, we don't need to have same auth for IMAP & Nextcloud.
Thank you.

[sualko]

Yes there is a reason. This app needs those credentials on the client side (in contrast to the mail app) and therefore every other app could request those credentials and do what ever they like with them. Therefore we created an authentication module which authenticates xmpp users against your nc or through a time-limited token.

[FlorentCoppint]

According to you, Mail app does not need to store credentials ? How can it connect to mail server without that ?
Nextcloud API does not allow an app to have private config options ? (not available to others apps)

[sualko]

The mail app is using those credentials on the backend and I don't want to expose those to the client side, because every script running on the site or user sitting in front of an authenticated session could access them.

[FlorentCoppint]

Mail is storing passwords encrypted in database, the same way as Nextcloud does for its user accounts. I don't see what's the problem...
I don't know how authentication works in XMPP, but I think JSXC needs to send password to server, so app needs to know password. Isn't it ?

[sualko]

To make a long story short, we will not support stored credentials. We think it's to risky and we will not endanger our users.

[dbielz]

Really a pitty. My jabber account and my owncloud account have a different origin and history; and now I can choose to either move my owncloud account / credentials / data, or to migrate my chat partners / history / data, if I want to use this convenient way to use jabber?
I mean, there already ARE options to let users override server-side settings and to store user name etc.; so the server owner (very often the same as the principal user of the respective instance ...) already can decide to switch this on or off, and the user himself can decide whether to store different credentials or to use the login credentials. I already thought that something's wrong with my installation until I found this thread.
It's not very nice of you to regard your users like children this way.

Anyhow, this aspect renders jsxc.nextcloud useless for me. I will neither migrate my nextcloud account nor my jabber account.

[sualko]

@dbielz this is a community project, so stop complaining and start coding. If you like you can create a pr which extends this app to your needs. E.g. if the xmpp authentication happens on the server side, I have no problems to store those credentials on the users risk and pass the session parameters to the client side.

[dbielz]

Yes, I am aware, that this is a community project etc. I would never complain about things being not perfect or so. I am just referring about your answer

... we will not support stored credentials. We think it's to risky and we will not endanger our users.

which I think is a bit, well, shortsighted. If you say: "we rate other issues more important and don't have the time to implement this", I would perfectly accept this argument as substantiated. Thanks for your time.

[davidchisnall]

I see. It seems JSXC is not usable for my use case then. Never mind.

[sualko]

@davidchisnall pull requests are always welcome