In order to authenticate with Facebook's chat platform, you need to use either DIGEST-MD5 (a hash of the users username/password - old skool) or if your application uses OAuth, then use Facebook's X-FACEBOOK-PLATFORM mechanism. I outline here how I implemented this authentication as part of the XDA Facebook for Windows Mobile application, which will include Facebook chat.
Xmpp is basically a XML document conversation, where client and server 'build' their documents in parallel. From a coding point of view, I found it easier to write my own XML parser [yes, insane I know!] One of the main motivators behind this, is that an XMPP conversation deals in XML fragments.
Open a connection to chat.facebook.com
Send 'stream:stream' You initialise a conversation by opening a stream with the server. This is a "hello server" step.
You should then receive a response; "hello back" followed by "list of ways to authenticate". Notice that this includes <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/> which indicates that the server supports SSL communication. There is more information which we ignore for now.
We switch to Transport Layer Security by continuing our plain text conversation by sending StartTLS message
The expected plain text response is
In my Connection class code (which has 3 public methods 'Send' 'Receive' and now 'StartTls') I also have NetworkStream and a SslSocket members.
Once you have the SslStream open, use this for the reading/writing to the socket. Begin a new stream <stream:stream... as above and get new stream:features which does not include StartTls since we are using TLS.
This time we are interested the //stream:stream/stream:features/mechanisms/mechanism X-FACEBOOK-PLATFORM element.
Select authentication mechanism by telling the server we'll use X-Facebook-Platform authorisation.
The service responds with...
This challenge ('dmVyc2...') is a Base64 Encoded string, which we can convert to a string by doing the following
Which gives us: version=1&method=auth.xmpp_login&nonce=3B53CFB6EE...FB424B68 I parse this in my code by doing a Split('&') to get three name=value pairs, then Split('=') to get name / value.
We use these to create our response which includes the following fields (in & separated name=value pairs)
- method - the Method field received in the challenge
- api_key - your Facebook Application key
- access_token - the Users OAuth Access Token
- call_id - some unique value (i.e. seconds since 1970)
- v - the Version field received in the challenge
- nonce - the Nonce field received in the challenge
In this new version, we no longer need the to calculate a signature. We simply covert this string into a Base64 Encoded string and pass it back to the service in a response.
Convert.ToBase64String( Encoding.UTF8.GetBytes( response ) )
Assuming that your user has permitted xmpp_login permission during the OAuth process, you should get the response
Now you're ready to actually do something with the service!
Update August 2013
Since a few people seem to have problems with getting started with this code I've made a very quick and dirty web application. You can try a demo in Quigley's Lab and download the source code for that lab.