I have a running application that has the phone number as identifier and users are granted access token to access other apis if they verify their accounts. I don't have passwords.
to explain it more : the client verifies the phone number throw a code sent to the phone number , if verified then the client is granted an access token that can be used to call other apis of the application
Now Im adding chat feature to the application and I setup an xmpp server (ejabberd) . how can I configure ejabberd to authenticate users through this access token? I have configured ejabberd to work with sql
At Ejabberd side you can enable external auth script
So Ejabberd will receive your token, verifies it (it goes to your Phone Auth service API to just verify it) and then returns true/false if it's valid hence authenticate your user or not
This is a pretty common solution for your issue