[Standards] UPDATED: XEP-0401 (Easy User Onboarding)
georg at op-co.de
Thu Jan 9 15:10:29 UTC 2020
* Jonas Schäfer <jonas at wielicki.name> [2020-01-08 17:12]:
> Revert version 0.3.0, which was merged prematurely and incorrectly.
I've resubmitted the change as https://github.com/xsf/xeps/pull/874
Marc also kindly asked to bring this up for wider discussion, so here it
Council feedback on the initial submission of 0401 included criticism of
using a manually modified IBR element for the special case of
registering-with-a-token. While I agree that it was an ugly hack, I also
deeply hate data forms, so I tried to walk a different line this time.
The proposed change adds a separate unauthenticated IQ before IBR, in
which the preauth token is communicated to the server. This is using IQ
semantics and thus is easy to implement on clients, including the
handling of errors. OTOH, server-side handling of pre-auth IQs is
problematic, I was told.
People also suggested using a dedicated stream element for this, which
is possible but requires more glue logic to parse stanza errors from it.
This is not perfect: because it is part of a dedicated exchange, there
is now a decoupling between checking the validity of a token (on the
preauth IQ) and actually redeeming it (on the following IBR).
This can be made work more elegantly on top of SASL2, but I wanted to
have something that can be deployed today (and it's live on yax.im and
in the yaxim nightly beta for a week now).
|| http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++
|| gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ ||
|| Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Standards