EXTERNAL authentication should accept empty or null username/password

Question asked by andrelab on Jan 9, 2015
Latest reply on Jan 13, 2015 by Flow

I tried to authenticate with EXTERNAL mech but I got an IllegalArgumentException due to empty username.


Look at the code in

    public void login(String username, String password, String resource) throws XMPPException,
                    SmackException, IOException {
        // A null or empty username is rejected here, before loginNonAnonymously() is called
        if (StringUtils.isNullOrEmpty(username)) {
            throw new IllegalArgumentException("Username must not be null or empty");
        }
        usedUsername = username;
        usedPassword = password;
        usedResource = resource;
        loginNonAnonymously(username, password, resource);
    }

I think it should allow null usernames. The XEP-0178 says:


If the client certificate contains only one JID, then the client MAY include an authorization identity, but only if it desires to be authorized as a JID other than the address in the client certificate; else it MUST NOT include an authorization identity (this is shown in the following example by setting the XML character data of the <auth/> element to "=").

Example 9.

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'