-
flow
MattJ, I see talks about a pending token auth spec on standards@. Is that pre-published somewhere? (FWIW, It appears I wasn't subscribed to standards@ for the past weeks)
-
MattJ
flow, https://pad.nixnet.services/s/_HIPmMkXC
-
MattJ
Very much pre-published, that's basically my in-progress draft
-
MattJ
But I'm planning to begin a prototype implementation in Prosody this week
-
moparisthebest
First client (that I know of...) that natively supports XEP-467 QUIC is out https://github.com/conversejs/converse-tauri not bad for a night of work...
-
Menel
Now do that tauri thing with prosody 😀👍👍✎ -
Menel
Now do that tauri thing with ~prosody~ snikket 😀👍👍 ReBrand it, and you have an ecosystem with server and client ✏
-
moparisthebest
Ah yea well it already works well with prosody, would be fairly easy (famous last words) to stick in a docker container with Snikket
-
Guus
Sigh. Java's SASL framework makes it next to impossible to distinguish between a missing initial response, and an empty/zero-length one. (Java devs, I'd love to be proven wrong here). Is this going to be a practical issue? In our existing EXTERNAL code, we challenge for an authzid when there is "no initial response data" (which triggers both for a missing initial and a zero-length one). I am trying to get that more specific, and only query when the initial response is indeed missing (as I like to be backwards compatible and retain the possibility to challenge for an authzid). Given Java's shortcomings here, I'm not seeing a way to do that.
-
Guus
For EXTERNAL specifically, it might be safe (?) to act as if the missing initial response is an empty one (and use the stream's 'from' attribute value), but that feels dodgy.
-
Guus
RFC4422 appendix-A specifically instructs to challenge upon missing initial response. :/