jdev - 2024-11-23


  1. Schimon

    Good evening! Is there a mechanism to utilize token or request to connect to an XMPP account? By "request", I mean to notify that XMPP service requests to connect to specified account, and the connection occurs on another platform which approves the connection (e.g. OpenUserJS does this when connecting to its system).

  2. Schimon

    Good evening! Is there a mechanism to utilize token or request to connect to an XMPP account, instead of using passwords? By "request", I mean to notify that XMPP service requests to connect to specified account, and the connection occurs on another platform which approves the connection (e.g. OpenUserJS does this when connecting to its system).

  3. Schimon

    https://blasta.woodpeckersnest.eu/connect Blasta is a service which requires an XMPP account and it needs JID and Password. I think that it would be better to allocate a token (temporary or permanent) to it. Even better, to negotiate with another server which would approve that the credentials are correct. Similar to OpenID.

  4. moparisthebest

    Schimon: https://xmpp.org/extensions/xep-0493.html

  5. Schimon

    XEP-0493: OAuth Client Login

  6. moparisthebest

    Also https://xmpp.org/extensions/xep-0484.html

  7. Schimon

    OAuth is a good mechanism. Thank you moparisthebest.

  8. moparisthebest

    Lastly see https://xmpp.org/extensions/xep-0494.html

  9. Schimon

    > Also https://xmpp.org/extensions/xep-0484.html
    > This specification defines a token-based method to streamline authentication in XMPP, allowing fully authenticated stream establishment within a single round-trip.
    What does "round-trip" mean?

  10. moparisthebest

    Uuuuhhhhh, every request to + response from the server is a round trip

  11. Schimon

    Which XEP do you recommend to implement?

  12. moparisthebest

    So one round trip would be a protocol that looks like:
    Client > server: hi I'm Bob and here is my password log me in please
    Server > client: hi Bob that's correct you are logged in now

  13. Zash

    If your goal is to avoid dealing with users credentials directly, XEP-0493 is what you want

  14. Schimon

    Thank you. Zash.

  15. Schimon

    Thank you. Zash. Yes. This is the purpose. I would rather not have credentials exposed to Blasta.

  16. Zash

    XEP-0484 only works _after_ an initial authentication, which means you need another method to start with

  17. moparisthebest

    Multiple round trips are like:
    Client>server: hi I'm a client can I log in?
    Server>client: sure what's your name?
    Client>server: I'm Bob
    Server>client: hi Bob what's your password?
    Client>server: my password is X
    Server>client: welcome back Bob that's right you are logged in now

  18. Schimon

    Zash. Do you have any advice on what method to utilize?

  19. moparisthebest

    Latency, especially mobile connections, makes that second one noticeably shorter

  20. Zash

    > If your goal is to avoid dealing with users credentials directly, XEP-0493 is what you want
    That's what this was

  21. moparisthebest

    Latency, especially mobile connections, makes that second one noticeably longer

  22. Schimon

    moparisthebest. Thank you for the elaboration. I might need to read it several times.

  23. Zash

    XEP-0493 is a lot of words for "use OAuth 2"

  24. Schimon

    > That's what this was
    I have expanded my answer, just to dispel any doubt as to what I was exactly answering positively.

  25. moparisthebest

    Schimon: if it helps imagine every line as a letter mailed back and forth between the client and the server, in reality they are packets

  26. Schimon

    moparisthebest. So a multiple round trip would ask for credentials upon each line, and a single one will ask only once for all lines?

  27. moparisthebest

    So each line is a letter, and you gotta wait for the response until you send the next

  28. moparisthebest

    So the first involves the client mailing 1 letter and waiting for the server to mail 1 back, then he's logged in

  29. moparisthebest

    The second has the client mailing 3 letters and the server mailing 3 letters before login finishes

  30. singpolyma

    Schimon: no. Less round trips is just a minor performance thing. It's nothing to do with credentials

  31. singpolyma

    It's a small reduction in security for a small increase in speed, basically

  32. Schimon

    singpolyma. Thank you. I need to read about it.

  34. Schimon

    5.2 Authentication vs Authorization
    > Note well that this specification is about an XMPP account owner granting (i.e. authorizing) an application access to their account. It is not about the account owner asserting any particular identity to the application, nor *is is* it designed to assert the identity of the application towards the XMPP service.
    Notice: "is is". https://xmpp.org/extensions/xep-0493.html#authentication-vs-authorization