%ents; ]>
Pre-auth Registration Key Generation and Validation This specification updates XEP-0401 and XEP-0445 by specifying a shared format for the pre-authenticated registration token. &LEGALNOTICE; xxxx ProtoXEP Standards Track Standards Council XMPP Core XEP-0401 XEP-0445 preauth-token &sam; 0.0.1 2021-06-06 ssw

First draft.

Both &xep0401; and &xep0445; specify a mechanism for requesting a token from a server that can be exchanged for registration at a later date. However, neither XEP defines the format of this token, or a recommended algorithm for generating it. This means that each server may choose a unique format and that any token issuing entity must either only support a specific servers token format, or must connect to the server with an admin account so that it can ask the server for tokens.

This specification rectifies this by specifying a server-agnostic format for pre-auth tokens and an algorithm for generating them. This enables third-party trusted services that share a private key to sign a token that can later be verified by the server to register a user.

Authentication server
The server authenticating the user using IBR or SASL, normally the XMPP server.
Authorization server
A server issuing a token authorizing the user to register. This may be the XMPP server, or another entity that shares its private key.
IBR
In-band Registration, as defined by either &xep0077; or &xep0389;
Key
A shared secret that is used to sign and validate tokens.

The following algorithm is used to generate tokens where "," is a separator and not part of any actual input and $key is the shared secret key. All uses of base64 are the Raw URL encoding (with no padding characters) defined in &rfc4648; HMAC-SHA256 is a Keyed-Hash Message Authentication Code (see &nistfips198a;) using the SHA256 hashing algorithm (see &nistfips180-2;).

// Current time rounded up and converted to milliseconds. expiration = ($currentTime + 1e6 -1) / 1e6 jids = { JID1, ':', JID2, ':', JID3, ':', … JIDFinal } signature = HMAC-SHA256 ( $key, $jids, ':', $expiration ) token = { base64-raw-url($signature), ':', base64-raw-url($jids), ':', $expiration, }

If the shared key is longer than the block size it will be hashed by some HMAC implementations, otherwise it is left unhashed. This is not represented in the algorithm above, but if it is not done the user must determine whether the input key needs hashing themselves. Input keys shorter than the block size are not hashed.

The secret key SHOULD be at least half the length of the SHA256 output (ie. 16 bytes). No key stretching is performed by this algorithm, so the user should take care to pick a long key.

Creation of the secret key MUST NOT require communication between the authentication server, the authorization server, or a third party such as a database.

This document requires no interaction with &IANA;

This document requires no action from the ®ISTRAR;

This document does not define an XML namespace requiring a schema.