[Standards] Proposed XMPP Extension: Authorization Tokens

Andrew Nenakhov andrew.nenakhov at redsolution.com
Mon Sep 16 13:05:09 UTC 2019


Mon, 16 Sep 2019 at 17:54, Dave Cridland <dave at cridland.net>:
>> The XEP does not impose any restrictions on initial auth methods. In
>> the beginning a client authenticates itself and is issued a token on
>> request, after which a server works with this session as with a
>> session with a token, which could be later revoked in a regular way.
>> This restriction means that if a client authenticated itself with a
>> client and did not issue itself a token, a server should drop it,
>> because a user cannot manage such a session.
>>
> At what point do you drop the session? Before it sends messaging? Or do you want a mandatory step after (initial) authentication?

In our implementation the session is dropped immediately after bind. But
we plan to drop it at bind.

> How are you intending to handle existing clients, which don't yet understand tokens?

We do not intend to support legacy clients without token support, it
kinda kills the idea. However, we do plan to do PRs to select
open-source clients to add this feature.

-- 
Andrew Nenakhov
CEO, redsolution, OÜ
https://redsolution.com

