jdev - 2021-06-13


  159. Martin As I just recently discovered the JID header ( https://wiki.xmpp.org/web/Jabber_Email_Header ): Does anyone know of more mail programs supporting it? Would be nice if they feature it more prominently. Also for Thunderbird supporting email and xmpp this one could be used for suggesting to add the xmpp contact if the header is present in an email. 🙂
  161. emus 👍
  168. Martin emus: Already added a short German blogpost for the next newsletter. 😁
  169. emus even more 👍
  199. Sam Earlier in here (I think?) someone was talking about self-provisioning Matrix accounts based on an existing Mastodon account and it made me realize we didn't have an easy way to do something similar so I started experimenting with https://github.com/xsf/xeps/pull/1068
  201. Sam Anyways, now here is an example of the new protoxep that does what the Matrix thing someone linked does. You can auth with mastodon then it gives you a signed URL to click that can be used by a client to provision an account on an XMPP server: https://github.com/mellium/fediverse-xmpp-onboarding
  202. Zash TL;DR of what the flow looks like would be appreciated
  203. Zash I take it this is different from the thing where you point your XMPP server at an existing user database, which is a common method AFAIK
  204. Sam TL;DR — user clicks "verify" button and gets redirected to a mastodon auth page. They log in. They get redirected back to a page with a barcode/link that contains a token. They click the xmpp: link (or scan the barcode) and their client provisions an account on the server using easy onboarding. They have an account!
  205. Sam I should also have said "server verifies that the token sent to it by the client is valid", that's important.
  206. Sam Ehh, maybe that was covered by "using easy onboarding"
  209. Sam https://share.samwhited.com/sam/jV7E8PhJUjn6tPC9/flow.png
  212. Zash Neato
  213. moparisthebest Sam: sounds far more complicated than them just having an account?
  214. moparisthebest Like my email accounts are XMPP accounts, I create them with mypostfixadmin and prosody is using mod_auth_sql
  215. Sam The whole point of this is that you don't have an account but you need one
  216. moparisthebest Why wouldn't you just have an account instead?
  217. Sam I think I'm misunderstanding something. If you don't have an account and need one, how can you just have an account already?
  218. moparisthebest This is something the mastodon+xmpp server admin sets up?
  219. Sam Yes. Mastodon isn't the point though, that's just an example.
  222. Sam The point of the protoxep is to allow users to self-provision accounts with some form of authorization instead of having to ask the server admin for an account.
  223. Sam In this example we use Mastodon as that form of authorization. If you have a mastodon account you can also self-provision an XMPP account.
  224. moparisthebest Right, so all you need is the xmpp server to be able to authenticate against a different account back end? Which has existed forever?
  225. Sam Sure, you can do that too if the backend is shared or you don't mind giving both things access to your database or writing server specific code for each one, etc.
  226. moparisthebest For at most 1 right?
  227. Sam Also if you even have access to the authorization thing. I might allow my fedi friends an account on my server, but I don't have access to my fedi instance.
  228. moparisthebest For both pleroma+mastodon you are talking 1 SQL query
  229. Sam If I have access to their database, yes. But I don't run my mastodon instance. Also that's not the point. Again, this is just an example.
  230. Sam You could always write an extension and run it on the server. The point of this is for when you don't want to run the thing on the server.
  231. moparisthebest We might be talking about different things...
  232. Sam I guess so
  233. Sam User onboarding already exists, that's all this is.
  234. Sam It's easy user onboarding except we get rid of the link between the website showing a barcode and the XMPP server.
  235. Sam If easy user onboarding has a point, this has a point as well.
  236. moparisthebest I'm talking about you sign up for a mastodon account nick@example.com, and you can use that username+password to log into your XMPP account nick@example.com
  237. Sam That is not what this example does
  238. Sam This example just uses mastodon for authentication and to authorize the user to access IBR. It's a self-provisioning portal.
  241. Sam If you have access to both the mastodon instance and the XMPP server you could make it a single shared account with the same database and you wouldn't need self-provisioning.
  245. jonas’ this is more like "Sign in with Facebook"
  246. Zash OpenID Connect ?
  247. Sam jonas’ sort of. It's not signing in, it's authorizing you to use IBR.
  250. Zash A bit like https://modules.prosody.im/mod_invites_api.html with 3rd party authentication instead of a fixed API key
  251. Sam Maybe that's a better way to explain it: "it lets you do invites except you don't have to be able to talk to the XMPP server to generate one"
  253. Sam https://share.samwhited.com/sam/ZdzPyW19NvOIqE2R/sequence.png
  254. Sam Here is the new invite flow that the protoxep enables.
  256. Zash I wonder if MattJ has the arguments for opaque tokens issued by the XMPP server written down somewhere.
  258. Sam I should add a thing being like "these tokens are opaque, clients don't look inside the base64"
  259. Sam Maybe an implementation section.
  260. Sam Even if the server doesn't plan on ever allowing a third party to create tokens, it might use this token format itself just so that it doesn't have to store anything in the database and deal with a cronjob to clean up expired invites and what not (depending on the system of course, in some things that's not a problem)
  261. Zash One of the tradeoffs here involves revocation.
  262. Sam Indeed; you can't revoke a single token, only a single shared secret and all tokens created with it.
  263. Zash With the shared key method you'll have to store revocations.
  264. Zash You can revoke a single token by the XMPP server adding it to a database.
  265. Sam Oh yah, sorry, that should have been qualified with "without adding back on all the database stuff"
  266. Zash The opposite from opaque tokens directly issued by the XMPP server, where revocation is done by deleting them from the XMPP server.
  267. Zash So. Trade-off.
  268. Sam *nods*. And of course it should be noted that this format doesn't replace anything. Servers could issue opaque tokens themselves and only use this to allow third party trusted applications to generate tokens.
  271. Zash Probably not that hard to have the 3rd party application ask the XMPP server for a token either.
  274. Zash Tho you avoid having to invent _that_ API by using a shared secret signed token method.
  275. Sam Probably not, but then you have to create an account for them and figure out how to do XMPP stuff and long lived connections and it may take time to connect, etc. This is pretty much instant and probably easy using most languages' standard libraries.
  276. Sam (the whole point of this for me was actually to make it easier to do this without having to connect to XMPP in the thing I was working on)
  277. Sam The IQ to request a token does exist already though if you wanted to do it that way. It could be one of these tokens, or it could just be a random string or some opaque server-specific proprietary token. The client wouldn't know the difference either way.
  279. Zash Indeed
  281. MattJ Sam [16:02]: > Maybe that's a better way to explain it: "it lets you do invites except you don't have to be able to talk to the XMPP server to generate one" People have argued for this in the past, but I've yet to hear any convincing argument for it
  284. Sam Probably not a problem for most XMPP servers but at HipChat it was about how much storage in the database we could do. Things like this tended to be difficult and have too many rows that had to be pruned when they expired (I don't think we did invites specifically, but we used this strategy for some API tokens and the like)
  285. Sam Also I just didn't want to jump through all the hoops of dealing with XMPP things and the slowness of connecting to the server before I could return a page to the user in the thing I was working on; this avoids all that and the pitfalls don't matter for my case ¯\_(ツ)_/¯
  286. Sam And I didn't want to figure out how to make an admin account that had all the right permissions but no more (if that's even possible). Basically I don't want to deal with server specific things because I am not an ops person.
  293. MattJ Yeah, sure, if the overhead is an XMPP connection, I get your point
  295. Zash (mod_rest to the rescue!)
  296. MattJ As for storage... not sure how realistic that is. I'm pretty sure invites are going to be the least of storage concerns for a large-scale server
  299. MattJ And for the parameters attached to invites... that's tricky, it's been evolving continuously since our first implementation
  300. MattJ e.g. the most recent addition (I think) was a field to say which shared roster group an invite is to
  301. MattJ which is used for the "circles" feature in Snikket
  316. Sam That's fair, this could probably be more flexible in that regard
  317. Zash I suggested [CJ]WT for this before.
  318. Sam Huh, TIL: CWT. I guess that was an obvious next step since JWT exists. But yah, that would probably be a good idea
  319. Sam I was trying to keep it simple, but it makes sense that servers might want to be able to sneak some other data in there.
  322. Sam Or maybe it's worth keeping it simple and just having a "server defined" opaque area. I dunno, I'll have to play with it and think about it some more.
  328. defanor I've observed an odd situation between Dino (some old version) and Prosody (0.11.2) now: with stream management enabled, Dino sent an "unavailable" presence, disconnected, then reconnected, resumed the session, and stayed at "unavailable" presence (so the user wasn't receiving messages until the next reconnect). It's wrong for Dino to try to resume that session, as well as for Prosody to resume it, isn't it?
  330. defanor XEP-0198 seems to imply that cleanly closed sessions shouldn't be resumed, but I don't see it written clearly.
  331. Zash Disconnected how?
  333. defanor Ah, with a read error. So it appears that it was about to close the session cleanly, but then an error happened. Then Dino should have handled it by sending an "available" presence after reconnecting, I guess.
  334. Zash I would like to point out that Prosody does not support XEP-0198, unless you add a 3rd party community supported module.
  335. Zash What matters is whether `</stream:stream>` was sent.
  336. Zash If it didn't close the stream then I see nothing wrong with resuming it.
  337. Zash Sounds like a race condition of some sort in the client. But since you say it's an old version you should probably test with a more recent version.
  338. Zash Also Prosody 0.11.2 is 2½ years old. I sure hope it's the Debian version that includes all the security fixes.
  339. defanor It is, 0.11.2-1+deb10u2.