1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-22 07:38:52 -05:00
xeps/xep-0401.xml
2020-01-02 17:53:40 +01:00

467 lines
20 KiB
XML

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Easy User Onboarding</title>
<abstract>This document defines a protocol and URI scheme for user invitation in order to allow a third party to register on a server. The goal of this is to make onboarding for XMPP IM newcomers as easy as possible.</abstract>
&LEGALNOTICE;
<number>0401</number>
<status>Experimental</status>
<type>Standards Track</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
<spec>XEP-0001</spec>
<spec>XEP-0050</spec>
<spec>XEP-0082</spec>
<spec>XEP-0077</spec>
<spec>XEP-0147</spec>
<spec>XEP-0379</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>N/A</shortname>
<author>
<firstname>Marc</firstname>
<surname>Schink</surname>
</author>
<revision>
<version>0.3.0</version>
<date>2020-01-02</date>
<initials>gl</initials>
<remark>Use pre-auth-IQ instead of re-using IBR as per council feedback.</remark>
</revision>
<revision>
<version>0.2.0</version>
<date>2018-02-11</date>
<initials>ms</initials>
<remark>
<p>Used Data Forms for extension of In-Band Registration as required by <strong>XEP-0077</strong> § 4.</p>
<p>Added "defined condition" elements in error stanzas as required by <strong>RFC 6120</strong> § 8.3.2.</p>
<p>Changed type of "invalid-token" error to "modify".</p>
<p>Fix namespacing of Ad-Hoc commands</p>
<p>Bump namespace to invite:1</p>
</remark>
</revision>
<revision>
<version>0.1.0</version>
<date>2018-01-25</date>
<initials>XEP Editor (jwi)</initials>
<remark>Accepted by vote of Council on 2018-01-17.</remark>
</revision>
<revision>
<version>0.0.1</version>
<date>2018-01-10</date>
<initials>ms</initials>
<remark><p>First submission.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
<p>Romeo is an active XMPP IM (Instant Messaging) user or the operator of
an XMPP server. He convinces Juliet (who may not have an XMPP account yet)
to install a client but she may still need to choose an XMPP server,
create an account, and add Romeo as a contact.
This specification defines two ways for Romeo to simplify this process for Juliet:</p>
<section2 topic='User Invitation'>
<p>If Romeo is an XMPP user, he can create an out-of-band link (URI)
which allows Juliet to:</p>
<ol>
<li>Download an XMPP client (if needed).</li>
<li>Optionally register an account with Romeo's server (if permitted by
the server rules), or with a public server.</li>
<li>Establish a mutual presence subscription between Romeo and Juliet.</li>
</ol>
<p>The process is designed to automatically skip steps that Juliet already
completed, to make the overall experience as smooth as possible.</p>
</section2>
<section2 topic='Account Creation'>
<p>If Romeo is an administrator of an XMPP server, he can create an
out-of-band link (URI) which allows Juliet to:</p>
<ol>
<li>Download an XMPP client (if needed).</li>
<li>Register an account on Romeo's server (with a user name pre-defined
by Romeo or chosen by Juliet, and a password not known to Romeo).</li>
<li>Establish a mutual presence subscription between Romeo and Juliet.</li>
</ol>
</section2>
</section1>
<section1 topic='Requirements' anchor='reqs'>
<p>This specification makes use of XMPP URIs. The basic URI scheme for XMPP
is defined in &rfc5122; and extended in &xep0147; and &xep0379;.
Furthermore, this heavily builds upon the blocks provided in
<cite>XEP-0379</cite> for landing page and roster subscription.
</p>
<p>
To create out-of-band invitation links, Romeo's server needs to implement
the &xep0050; commands specified in the following section, and his client
must be able to execute them.
</p>
<p>
Furthermore, Romeo's server SHOULD provide a HTTPS service hosting the
landing page.
</p>
</section1>
<section1 topic='Discovery' anchor='discover'>
<p>Romeo can query his server for the availability of "User Invitation" and
"Account Creation" commands:</p>
<example caption="Discover available ad-hoc commands"><![CDATA[
<iq type='get' from='romeo@example.com' to='example.com' id='disco'>
<query xmlns='http://jabber.org/protocol/disco#items'
node='http://jabber.org/protocol/commands'/>
</iq>
]]></example>
<p>TODO: use appropriate node namespace.</p>
<example caption="Discovery result for available ad-hoc commands"><![CDATA[
<iq type='result' to='romeo@example.com' from='example.com' id='disco'>
<query xmlns='http://jabber.org/protocol/disco#items'
node='http://jabber.org/protocol/commands'>
<item jid='example.com'
node='urn:xmpp:invite#invite'
name='Invite user'/>
<item jid='example.com'
node='urn:xmpp:invite#create-account'
name='Create account'/>
</query>
</iq>
]]></example>
<p>When performing the account creation, Juliet's client needs to ensure
that the server supports the extended IBR protocol, as denoted by the
<strong>&lt;register xmlns='urn:xmpp:invite'></strong>
stream feature:</p>
<example caption="Stream features of a server that accepts invitations"><![CDATA[
<stream:features>
<mechanisms xmlns='urn:xmpp:sasl:0'>
<mechanism>EXTERNAL</mechanism>
<mechanism>SCRAM-SHA-1-PLUS</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='urn:xmpp:invite'/>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
]]></example>
</section1>
<section1 topic='Glossary' anchor='glossary'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Use Cases' anchor='usecases'>
<section2 topic='Creating a User Invitation' anchor='create-invitation'>
<p>A user can execute the 'invite' command to obtain a new invitation link
with a unique invitation token.</p>
<example caption="Execute user invitation command"><![CDATA[
<iq type='set' from='romeo@example.com' to='example.com' id='exec1'>
<command xmlns='http://jabber.org/protocol/commands'
node='urn:xmpp:invite#invite'
action='execute'/>
</iq>
]]></example>
<example caption="User invitation finished"><![CDATA[
<iq type='result' to='romeo@example.com' from='example.com' id='exec2'>
<command xmlns='http://jabber.org/protocol/commands'
node='urn:xmpp:invite#invite'
status='completed'>
<x xmlns='jabber:x:data' type='result'>
<item>
<field var='uri'>
<value>xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=y</value>
</field>
<field var='landing-url'>
<value>https://example.com/invite/#TOKEN</value>
</field>
<field var='expire'>
<value>2017-11-06T02:56:15Z</value>
</field>
</item>
</x>
</command>
</iq>
]]></example>
<p>The token should be unique, sufficiently
long and generated by a strong random number generator.</p>
<p>A server MUST provide the <strong>uri</strong> field which contains an
XMPP URI of the following format:</p>
<code>xmpp:inviter@example.com?roster;preauth=TOKEN;ibr=y</code>
<p>The <strong>ibr</strong> query component in the XMPP URI indicates that
the invitee is allowed to create an account on Romeo's server, using the
'preauth' token.
If the server does not support or allow in-band registration for invited
users, the server MUST omit the <strong>ibr</strong> query component.</p>
<p>Additionally, the server SHOULD provide the <strong>landing-url</strong>
field which contains an HTTPS URL of a web-based landing page as described
in &xep0379; § 3.3. The URL format may differ from the example shown here
depending on where the landing page is hosted.</p>
<p>If the server omits the <strong>landing-page</strong> field, Romeo's
client SHOULD generate an appropriate landing page URL hosted by the
client developer or a trusted third party.</p>
<p>A server MAY provide a field which provides the expiration date of the
generated token. The expiration date MUST conform to the DateTime profile
specified in &xep0082;. If the field is not provided, the token does not
expire.</p>
<p>Romeo's client should provide adequate means to export the
<strong>landing-page</strong> URL, possibly accompanied with a short
description and the <strong>expire</strong> information, so that Romeo can
share it with Juliet by other means than XMPP, like e-mail or a QR code.</p>
</section2>
<section2 topic='Landing Page' anchor='landing-page'>
<p>The landing page that the generated URL points to should correspond to
the format described in <cite>XEP-0379</cite> §3.3, and it needs to
convey the following information:</p>
<ul>
<li>A short text that this is an XMPP invitation from Romeo.</li>
<li>A client recommendation (based on the detected web browser/OS) with download links.</li>
<li>A prominent button that activates the encoded <strong>xmpp:</strong> link.</li>
</ul>
<p>If the landing page is hosted by Romeo's server, the server MAY display
additional information based on the supplied TOKEN value, like the name
of the inviter or validity information.</p>
</section2>
<section2 topic='Redeeming a User Invitation' anchor='redeem-invitation'>
<p>If Juliet does not have an XMPP client installed, she will not be able
to open the <strong>xmpp:</strong> link from the invitation page.
For this case, the landing page needs to indicate that a client must be
installed first, and that the link will not work as intended without.
The automatic installation of an appropriate IM client when a user
clicks on an <strong>xmpp:</strong> is outside of the scope of this
document.</p>
<p>With an XMPP client installed, Juliet can open the
<strong>xmpp:</strong> link and have the client process it
appropriately, as follows:</p>
<section3 topic='Pre-Configured Account' anchor='redeem-preconfigured'>
<p>If Juliet's client is already configured with an account, the default
action for the presented
<strong>xmpp:inviter@example.com?roster;...</strong> URI is to add the
inviter to Juliet's roster. This should be performed as described in
§3.4 of <cite>XEP-0379</cite>, by sending a presence subscription
request containing the 'preauth' token.</p>
<p>If Juliet already has Romeo in her roster, her client should open the
appropriate chat interface instead.</p>
</section3>
<section3 topic='No Configured Account' anchor='redeem-no-account'>
<p>If Juliet's client does not have an XMPP account configured, she
needs to login or register an account first. Therefore, the client
should provide an interface with the following options:</p>
<ul>
<li>Login with an existing XMPP account.</li>
<li>Register an account with Romeo's server (if the URI contains a
<strong>ibr=y</strong> parameter).</li>
<li>Register an account with a public or client-endorsed server.</li>
</ul>
<p>If the <strong>xmpp:</strong> URI provided by Romeo contains the
<strong>ibr=y</strong> parameter, it indicates that the server
supports the <link url="#preauth-ibr">Pre-Authenticated In-Band
Registration</link> defined in this document. If Juliet chooses this
approach, the server will ensure that after the registration, Romeo is
added to her roster with a full presence subscription.</p> <p>If
Juliet chooses to login or register with a different server, her
client must complete the respective process and issue a subscription
request as described in §3.4 of <cite>XEP-0379</cite>.</p>
</section3>
</section2>
<section2 topic='Initiating Account Creation' anchor='account-creation'>
<p>If Romeo is the administrator of an XMPP server, he might want to
ensure that Juliet obtains an account on this server, with a username
defined either by Romeo or by Juliet, and in a way that does not require
the out-of-band communication of user passwords.</p>
<p>TODO: description of overall process steps, design motivation.</p>
<example caption="Exceute account creation command"><![CDATA[
<iq type='set' from='romeo@example.com' to='example.com' id='exec1'>
<command xmlns='http://jabber.org/protocol/commands'
node='urn:xmpp:invite#create-account'
action='execute'/>
</iq>
]]></example>
<example caption="Service returns form for account creation"><![CDATA[
<iq type='result' to='romeo@example.com' from='example.com' id='exec1'>
<command xmlns='http://jabber.org/protocol/commands'
sessionid='config:20020923T213616Z-700'
node='urn:xmpp:invite#create-account'
status='executing'>
<actions execute='complete'>
<complete/>
</actions>
<x xmlns='jabber:x:data' type='form'>
<field var='username' label='Username' type='text-single'/>
<field var='roster-subscription' label='Roster subscription' type='boolean'/>
</x>
</command>
</iq>
]]></example>
<p>A server MAY require a username to be specified for account creation.
In this case, the server MUST add the &lt;required/&gt; element to the
username field.
The username MUST be a valid localpart as defined in &rfc6122; §2.3.</p>
<example caption="Account creation with specified username"><![CDATA[
<iq type='set' from='romeo@example.com' to='example.com' id='exec2'>
<command xmlns='http://jabber.org/protocol/commands'
sessionid='config:20020923T213616Z-700'
node='urn:xmpp:invite#create-account'>
<x xmlns='jabber:x:data' type='submit'>
<field var='username'>
<value>juliet</value>
</field>
</x>
</command>
</iq>
]]></example>
<example caption="Account creation finished"><![CDATA[
<iq type='result' to='romeo@example.com' from='example.com' id='exec2'>
<command xmlns='http://jabber.org/protocol/commands'
sessionid='config:20020923T213616Z-700'
node='urn:xmpp:invite#create-account'
status='completed'>
<x xmlns='jabber:x:data' type='result'>
<item>
<field var='uri'>
<value>xmpp:juliet@example.com?register;preauth=TOKEN</value>
</field>
<field var='landing-url'>
<value>https://example.com/invite/#TOKEN</value>
</field>
<field var='expire'>
<value>2017-11-06T02:56:15Z</value>
</field>
</item>
</x>
</command>
</iq>
]]></example>
<p>The server's response for account creation is the same as for user
invitation except for the format of the <strong>uri</strong> field which
contains an XMPP URI of the following format:</p>
<code>xmpp:juliet@example.com?register;preauth=TOKEN</code>
<p>If no username was specified during the account creation process, the
local part of the JID in the XMPP URI is omitted by the server which
results in the following format:</p>
<code>xmpp:example.com?register;preauth=TOKEN</code>
<p>TODO: note about sensitivity of TOKEN</p>
</section2>
<section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'>
<p>In order to allow invited users to register on a server, the
registration processs as defined in &xep0077; needs to be extended. The
invited user's client needs to connect to the server and check that the
invitation stream feature
(<strong>&lt;register xmlns='urn:xmpp:invite'></strong>) is present.
After that, the client initiates the registration flow by sending the
preauth token to the server:</p>
<example caption="Client initiates pre-authenticated IBR"><![CDATA[
<iq type='set' to='example.com' id='pa1'>
<preauth xmlns='urn:xmpp:pars:0' token='TOKEN' />
</iq>
]]></example>
<p>Upon receiving the preauth request, the server must validate that the
token is acceptable for account registration. However, single-use tokens
MUST NOT be considered used until the actual registration has succeeded.
</p>
<p>In addition, if the token has an expiration time, it MUST only be
checked at this point. Subsequent actions performed by the client during
the current session that require a valid token MUST NOT be rejected due
to token expiry.
</p>
<p>If the token is acceptable, the server responds with success, and
indicates the client may now proceed with account registration:
</p>
<example caption="Server accepts invitation token"><![CDATA[
<iq type='result' from='example.com' id='pa1' />
]]></example>
<p>If the token provided by the client was unknown, invalid or expired, the
server should return an appropriate error to the client:</p>
<example caption="Server rejects invitation token"><![CDATA[
<iq type="error" from="example.com" id="pa1">
<error type='cancel'>
<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<text>The provided token is invalid or expired</text>
</error>
</iq>
]]></example>
<p>In the success case, the client proceeds with registration as defined in
&xep0077;. If the token is rejected by the server, the client still MAY
attempt to perform IBR if the server allows that.</p>
<p>After the invitee has successfully registered on the inviter's server
and roster subscription is enabled for account creation, the server MUST
use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the
inviter about the invitee's new account without the need to reconnect.</p>
<example caption="Push roster item of invitee to inviter"><![CDATA[
<iq type='set' from='romeo@example.com' id='push'>
<query xmlns='jabber:iq:roster'>
<item subscription='both' jid='juliet@example.com'/>
</query>
</iq>
]]></example>
</section2>
</section1>
<section1 topic='Business Rules' anchor='rules'>
<section2 topic='Fallback to Client-Side PARS'>
<p>If the inviter's server does not support user invitation, the client
application SHOULD silently fall back to &xep0379; for a good user
experience.</p>
</section2>
<section2 topic='Account Creation'>
<p>If a username was specified during the account creation process, the
server SHOULD NOT create an account on the server until the invitee
actually registers it with the corresponding token.
The server MUST reserve the username at least until the corresponding
token expires.</p>
</section2>
</section1>
<section1 topic='Implementation Notes' anchor='impl'>
<section2 topic='XMPP Server Suggestion for Invitees'>
<p>If the invitee opens an invitation URI with <strong>ibr=y</strong> and
chooses to create a new account, the client SHOULD pre-fill the
inviter JID's domain part as the new account's domain. The client MAY
provide a mechanism to enter or choose a different server, though.</p>
</section2>
</section1>
<section1 topic='Accessibility Considerations' anchor='access'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Internationalization Considerations' anchor='i18n'>
<p>OPTIONAL.</p>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>See security considerations in &xep0379;.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>This document requires no interaction with &IANA;.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>As authorized by &xep0147;, the XMPP Registrar maintains a registry of
queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;).</p>
<p>The key-value parameter <strong>preauth</strong> is added to the
<strong>register</strong> query action as defined in &xep0077;</p>
<code><![CDATA[
<querytype>
<name>register</name>
...
<key>
<name>preauth</name>
<desc>the token used to allow one-time in-band registration on the inviter's server</desc>
</key>
</querytype>
]]></code>
<p>In addition to the <strong>preauth</strong> key-value parameter define
in &xep0379;, the <strong>ibr</strong> parameter is added to the
<strong>roster</strong> query action.</p>
<code><![CDATA[
<querytype>
<name>roster</name>
...
<key>
<name>ibr</name>
<value>y</value>
<desc>the parameter to indicate that the token allows the invitee to create an account on the inviter's server via in-band registration</desc>
</key>
</querytype>
]]></code>
</section1>
<section1 topic='XML Schema' anchor='schema'>
<p>REQUIRED for protocol specifications.</p>
</section1>
</xep>