mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 16:55:07 -05:00

XEP-0401: split out pre-authenticated IBR

Georg Lukas 2019-12-30 19:14:52 +01:00
parent 34592782e0
commit df36c096b1


@ -6,7 +6,7 @@
<?xml-stylesheet type='text/xsl' href='xep.xsl'?> <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep> <xep>
<header> <header>
<title>Easy User Onboarding</title> <title>Ad-hoc Account Invitation Generation</title>
<abstract>This document defines a protocol and URI scheme for user invitation in order to allow a third party to register on a server. The goal of this is to make onboarding for XMPP IM newcomers as easy as possible.</abstract> <abstract>This document defines a protocol and URI scheme for user invitation in order to allow a third party to register on a server. The goal of this is to make onboarding for XMPP IM newcomers as easy as possible.</abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>0401</number> <number>0401</number>
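Review bot: The new <title> "Ad-hoc Account Invitation Generation" no longer matches the unchanged <abstract> on the following line, which still describes "a protocol and URI scheme for user invitation in order to allow a third party to register on a server". Since this commit splits pre-authenticated IBR out of the document, reword the abstract so that it names what the document still specifies and agrees with the new title.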
@ -30,6 +30,10 @@
<firstname>Marc</firstname> <firstname>Marc</firstname>
<surname>Schink</surname> <surname>Schink</surname>
</author> </author>
<author>
<firstname>Georg</firstname>
<surname>Lukas</surname>
</author>
<revision> <revision>
<version>0.4.0</version> <version>0.4.0</version>
<date>2020-01-08</date> <date>2020-01-08</date>
@ -90,8 +94,8 @@
out-of-band link (URI) which allows Juliet to:</p> out-of-band link (URI) which allows Juliet to:</p>
<ol> <ol>
<li>Download an XMPP client (if needed).</li> <li>Download an XMPP client (if needed).</li>
<li>Register an account on Romeo's server with a user name defined by <li>Register an account on Romeo's server (with a user name pre-defined
Romeo and a password not known to Romeo.</li> by Romeo or chosen by Juliet, and a password not known to Romeo).</li>
<li>Establish a mutual presence subscription between Romeo and Juliet.</li> <li>Establish a mutual presence subscription between Romeo and Juliet.</li>
</ol> </ol>
</section2> </section2>
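Review bot: In the rewritten second <li>, "a password not known to Romeo" now sits inside the parentheses next to the user-name options, so the one confidentiality property of the flow reads as an aside. Keep the password clause outside the parentheses, and because the user name may now be "chosen by Juliet", say which section defines what happens when Romeo pre-defined a name and Juliet asks for a different one.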
@ -111,6 +115,8 @@
Furthermore, Romeo's server SHOULD provide a HTTPS service hosting the Furthermore, Romeo's server SHOULD provide a HTTPS service hosting the
landing page. landing page.
</p> </p>
<p>Romeo's server MUST support at least one <link url="#preauth-ibr">Pre-Authenticated In-Band
Registration</link> mechanism.</p>
</section1> </section1>
<section1 topic='Discovery' anchor='discover'> <section1 topic='Discovery' anchor='discover'>
<p>Romeo can query his server for the availability of "User Invitation" and <p>Romeo can query his server for the availability of "User Invitation" and
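Review bot: The added requirement "Romeo's server MUST support at least one Pre-Authenticated In-Band Registration mechanism" links to #preauth-ibr, and after this commit that section offers only a link to inbox/ibr-token.html and a TODO item. A normative MUST that can currently be met only through an inbox document gives implementers no stable reference; reference the mechanism through a stable identifier once it has one, or note here that the list of mechanisms is still open.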
@ -135,9 +141,6 @@
</query> </query>
</iq> </iq>
]]></example> ]]></example>
<p>When performing the account creation, Juliet's client needs to ensure
that the server supports the extended IBR protocol with a &lt;preauth&gt;
token: TODO</p>
</section1> </section1>
<section1 topic='Glossary' anchor='glossary'> <section1 topic='Glossary' anchor='glossary'>
<p>OPTIONAL.</p> <p>OPTIONAL.</p>
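Review bot: Removing the paragraph at the end of Discovery ("Juliet's client needs to ensure that the server supports the extended IBR protocol") drops the only statement that the invitee's client has to verify support before creating the account, and nothing in this hunk replaces it. The new text in the preauth-ibr section only says the client should "check which of the above mechanisms are supported"; add a sentence here pointing to where that check is defined, so a client does not fall back to plain registration without noticing.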
@ -335,88 +338,18 @@
</section2> </section2>
<section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'> <section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'>
<p>In order to allow invited users to register on a server, the <p>In order to allow invited users to register on a server, the
registration processs as defined in &xep0077; needs to be extended. The server must support pre-authenticated in-band registration based on one
invited user's client MUST add a &lt;preauth&gt; element in the 'TODO' of the following specifications:
namespace to the 'jabber:iq:register' query in order to inform the </p>
server that it wants to perform Pre-Authenticated IBR:</p> <ul>
<example caption="Retrieving registration fields"><![CDATA[ <li><link url="inbox/ibr-token.html">Pre-Authenticated In-Band Registration</link></li>
<iq type='get' id='reg1' to='example.com'> <li>TODO: define a mechanism based on &xep0389;</li>
<query xmlns='jabber:iq:register'> </ul>
<preauth xmlns='urn:xmpp:invite:1'/> <p>
</query> The invited user's client needs to connect to the server, check which of
</iq> the above mechanisms are supported, and continue as specified in the
]]></example> respective document.
<p>If the server supports and is ready to perform Pre-Authenticated IBR, </p>
it MUST add a &lt;token&gt; element to the response (TODO: 'token' or
'preauth'?):</p>
<example caption="Receiving registration form"><![CDATA[
<iq type='result' to='romeo@example.com' from='example.com' id='reg1'>
<query xmlns='jabber:iq:register'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' label='Username' var='username'>
<required/>
</field>
<field type='text-private' label='Password' var='password'>
<required/>
</field>
<field type='text-single' label='Invite token' var='token'>
<required/>
</field>
</x>
</query>
</iq>
]]></example>
<example caption='Receiving registration form with error (invalid token)'><![CDATA[
<iq type='error' from='example.com' id='reg1'>
<query xmlns='jabber:iq:register'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>BADTOKEN<value/>
</field>
</x>
</query>
<error type='modify'>
<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<invalid-token xmlns='urn:xmpp:invite:1'/>
</error>
</iq>
]]></example>
<example caption='Receiving registration form with error (token expired)'><![CDATA[
<iq type='error' from='example.com' id='reg1'>
<query xmlns='jabber:iq:register'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>OLDTOKEN<value/>
</field>
</x>
</query>
<error type='cancel'>
<not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<token-expired xmlns='urn:xmpp:invite:1'/>
</error>
</iq>
]]></example>
<p>After the invitee has successfully registered on the inviter's server <p>After the invitee has successfully registered on the inviter's server
and roster subscription is enabled for account creation, the server MUST and roster subscription is enabled for account creation, the server MUST
use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the
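Review bot: The replacement paragraph says "The server must support pre-authenticated in-band registration" with a lower-case "must", while the requirement added earlier in this commit uses "MUST" for the same obligation; use the upper-case keyword here as well, or drop the duplicate statement. The <link url="inbox/ibr-token.html"> is a relative path that resolves only while the target stays in the inbox directory, so it will break when that document moves. The removed examples were also the only place in this file that showed the <invalid-token/> and <token-expired/> conditions in the urn:xmpp:invite:1 namespace; confirm that the split-out document defines both before deleting them here.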