Merge branch 'feature/xep-0401'

Jonas Schäfer 2020-01-02 17:54:02 +01:00
commit b837b325d7
1 changed files with 55 additions and 78 deletions


@ -30,6 +30,12 @@
<firstname>Marc</firstname> <firstname>Marc</firstname>
<surname>Schink</surname> <surname>Schink</surname>
</author> </author>
<revision>
<version>0.3.0</version>
<date>2020-01-02</date>
<initials>gl</initials>
<remark>Use pre-auth-IQ instead of re-using IBR as per council feedback.</remark>
</revision>
<revision> <revision>
<version>0.2.0</version> <version>0.2.0</version>
<date>2018-02-11</date> <date>2018-02-11</date>
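Review bot: The 0.3.0 remark records the switch to a pre-auth IQ but not the namespace change that comes with it: the removed text qualified the preauth element and its error conditions with urn:xmpp:invite:1, while the new text uses urn:xmpp:pars:0 for the IQ and an unversioned urn:xmpp:invite for the stream feature. Implementations key on these names, so state the old and new namespaces in the remark. Also, the initials 'gl' do not match the author entry (Marc Schink) shown directly above this revision; confirm that an author with those initials is listed in the header.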
@ -78,8 +84,8 @@
out-of-band link (URI) which allows Juliet to:</p> out-of-band link (URI) which allows Juliet to:</p>
<ol> <ol>
<li>Download an XMPP client (if needed).</li> <li>Download an XMPP client (if needed).</li>
<li>Register an account on Romeo's server with a user name defined by <li>Register an account on Romeo's server (with a user name pre-defined
Romeo and a password not known to Romeo.</li> by Romeo or chosen by Juliet, and a password not known to Romeo).</li>
<li>Establish a mutual presence subscription between Romeo and Juliet.</li> <li>Establish a mutual presence subscription between Romeo and Juliet.</li>
</ol> </ol>
</section2> </section2>
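Review bot: The new wording allows the user name to be "pre-defined by Romeo", but nothing in this change says how that name reaches Juliet's client or how the server ties it to the token, now that the registration form carrying a username field has been dropped from the Pre-Authenticated IBR section. Either say where the name is carried (presumably in the out-of-band URI mentioned just above) and whether the server enforces it against the token, or restrict the text to a name chosen by Juliet.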
@ -124,8 +130,21 @@
</iq> </iq>
]]></example> ]]></example>
<p>When performing the account creation, Juliet's client needs to ensure <p>When performing the account creation, Juliet's client needs to ensure
that the server supports the extended IBR protocol with a &lt;preauth&gt; that the server supports the extended IBR protocol, as denoted by the
token: TODO</p> <strong>&lt;register xmlns='urn:xmpp:invite'></strong>
stream feature:</p>
<example caption="Stream features of a server that accepts invitations"><![CDATA[
<stream:features>
<mechanisms xmlns='urn:xmpp:sasl:0'>
<mechanism>EXTERNAL</mechanism>
<mechanism>SCRAM-SHA-1-PLUS</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='urn:xmpp:invite'/>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
]]></example>
</section1> </section1>
<section1 topic='Glossary' anchor='glossary'> <section1 topic='Glossary' anchor='glossary'>
<p>OPTIONAL.</p> <p>OPTIONAL.</p>
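Review bot: The stream feature is advertised as <register xmlns='urn:xmpp:invite'/> while the preauth IQ later in this change is qualified by urn:xmpp:pars:0; use one namespace for both, and version it as the removed urn:xmpp:invite:1 was, so a client discovers and uses the feature under the same name. Reusing the local name 'register' alongside XEP-0077's <register xmlns='http://jabber.org/features/iq-register'/> is legal but easy to misread; a distinct local name would avoid that. Since the token sent after this check is a bearer credential, the prose should also say the feature is only acted on once TLS has been negotiated, i.e. the example shows the post-STARTTLS feature set.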
@ -324,87 +343,45 @@
<section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'> <section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'>
<p>In order to allow invited users to register on a server, the <p>In order to allow invited users to register on a server, the
registration processs as defined in &xep0077; needs to be extended. The registration processs as defined in &xep0077; needs to be extended. The
invited user's client MUST add a &lt;preauth&gt; element in the 'TODO' invited user's client needs to connect to the server and check that the
namespace to the 'jabber:iq:register' query in order to inform the invitation stream feature
server that it wants to perform Pre-Authenticated IBR:</p> (<strong>&lt;register xmlns='urn:xmpp:invite'></strong>) is present.
<example caption="Retrieving registration fields"><![CDATA[ After that, the client initiates the registration flow by sending the
<iq type='get' id='reg1' to='example.com'> preauth token to the server:</p>
<query xmlns='jabber:iq:register'> <example caption="Client initiates pre-authenticated IBR"><![CDATA[
<preauth xmlns='urn:xmpp:invite:1'/> <iq type='set' to='example.com' id='pa1'>
</query> <preauth xmlns='urn:xmpp:pars:0' token='TOKEN' />
</iq> </iq>
]]></example> ]]></example>
<p>If the server supports and is ready to perform Pre-Authenticated IBR, <p>Upon receiving the preauth request, the server must validate that the
it MUST add a &lt;token&gt; element to the response (TODO: 'token' or token is acceptable for account registration. However, single-use tokens
'preauth'?):</p> MUST NOT be considered used until the actual registration has succeeded.
<example caption="Receiving registration form"><![CDATA[ </p>
<iq type='result' to='romeo@example.com' from='example.com' id='reg1'> <p>In addition, if the token has an expiration time, it MUST only be
<query xmlns='jabber:iq:register'> checked at this point. Subsequent actions performed by the client during
<x xmlns='jabber:x:data' type='form'> the current session that require a valid token MUST NOT be rejected due
<field type='hidden' var='FORM_TYPE'> to token expiry.
<value>urn:xmpp:invite:1</value> </p>
</field> <p>If the token is acceptable, the server responds with success, and
<field type='text-single' label='Username' var='username'> indicates the client may now proceed with account registration:
<required/> </p>
</field> <example caption="Server accepts invitation token"><![CDATA[
<field type='text-private' label='Password' var='password'> <iq type='result' from='example.com' id='pa1' />
<required/>
</field>
<field type='text-single' label='Invite token' var='token'>
<required/>
</field>
</x>
</query>
</iq>
]]></example> ]]></example>
<example caption='Receiving registration form with error (invalid token)'><![CDATA[ <p>If the token provided by the client was unknown, invalid or expired, the
<iq type='error' from='example.com' id='reg1'> server should return an appropriate error to the client:</p>
<query xmlns='jabber:iq:register'> <example caption="Server rejects invitation token"><![CDATA[
<x xmlns='jabber:x:data' type='form'> <iq type="error" from="example.com" id="pa1">
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>BADTOKEN<value/>
</field>
</x>
</query>
<error type='modify'>
<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<invalid-token xmlns='urn:xmpp:invite:1'/>
</error>
</iq>
]]></example>
<example caption='Receiving registration form with error (token expired)'><![CDATA[
<iq type='error' from='example.com' id='reg1'>
<query xmlns='jabber:iq:register'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>OLDTOKEN<value/>
</field>
</x>
</query>
<error type='cancel'> <error type='cancel'>
<not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<token-expired xmlns='urn:xmpp:invite:1'/> <text>The provided token is invalid or expired</text>
</error> </error>
</iq> </iq>
]]></example> ]]></example>
<p>In the success case, the client proceeds with registration as defined in
&xep0077;. If the token is rejected by the server, the client still MAY
attempt to perform IBR if the server allows that.</p>
<p>After the invitee has successfully registered on the inviter's server <p>After the invitee has successfully registered on the inviter's server
and roster subscription is enabled for account creation, the server MUST and roster subscription is enabled for account creation, the server MUST
use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the
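Review bot: The token lifecycle has a gap: the server validates the token in the preauth IQ but MUST NOT mark a single-use token as used until registration succeeds, and expiry is checked only at the preauth step, so two streams can present the same single-use token, both receive <iq type='result'/>, and both can register unless the server re-checks and consumes the token atomically when the jabber:iq:register set is processed. Add that requirement, and state that the preauth grant is bound to the stream that presented the token and is discarded when that stream closes (the text says "during the current session" but never makes this explicit). In the rejection example, <text> must be qualified by urn:ietf:params:xml:ns:xmpp-stanzas (RFC 6120 §8.3.2); as written it inherits the stanza's default namespace. Smaller points: that example uses double quotes while every other example uses single quotes, and "must validate" / "should return" in the prose should be the RFC 2119 MUST/SHOULD that the surrounding paragraphs use.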