Modern XMPP project discussion - 2024-04-22

  1. arcanicanis

    Is this an appropriate channel for asking of XMPP client dev questions, or is it intended more for Working Group style discussion for the modernxmpp.org website?

  2. jonas’

    arcanicanis, hi! it depends; normally the place for XMPP development is xmpp:jdev@muc.xmpp.org?join, but if you're having questions specific to the topics addressed by modernxmpp.org, this here may also be a good place.

  3. arcanicanis

    I guess one confusion I have is: I see use and mentions of `<session xmlns='urn:ietf:params:xml:ns:xmpp-session'/>` in the old XMPP RFC (RFC3921 from 2004), and zero mention in the latest XMPP Core and XMPP IM RFCs, is it something no longer required then?

  4. jonas’

    arcanicanis, correct.

  5. jonas’

    unless you happen to be talking to a _really_ ancient version of some server softwares

  6. Zash

    relevant: https://datatracker.ietf.org/doc/draft-cridland-xmpp-session/

  7. jonas’

    I did encounter servers which actually required session in 2015. I suspect it's not the case anymore today.

  8. Zash

    We can certainly hope :)

  9. arcanicanis

    So with latest server implementations, that if I've authenticated, reopened stream, performed resource binding, then I should be free to perform any standard messaging activity, or is there another step I'm missing? Or strongly recommended to enable Stream Management, or?

  10. Zash

    Question is if clients still send it, requiring that servers answer it (by doing nothing)

  11. jonas’

    arcanicanis, enabling stream management is a good idea unless you are in an extremely well-controlled networking situation

  12. jonas’

    but otherwise, yes.

  13. jonas’

    Zash, aioxmpp will send it, unless it is explicitly marked as optional via that draft

  14. arcanicanis

    For context: I'm writing a very minimalistic webclient from scratch, in plain JavaScript, no dependencies, using WebSockets for transport, to demo the concept of how simple an XMPP client can be, and possibly extend that further with building a WebRTC video/voice call, to also show that such a thing isn't profoundly novel, as an argument against people that think there's some special novelty to Discord, MS Teams, etc (which all are just lipstick ontop of a signalling layer and WebRTC)

  15. arcanicanis

    So effectively I'm trying to take the shortest path possible, while still having something functional enough. I could even continue it further as another whole complete web-based client afterward

  16. MattJ

    arcanicanis: are you using an existing library?

  17. arcanicanis

    Noap, no library; within 2 days I'm already gotten through implementing SCRAM-SHA-256 from scratch, no external libraries, just the plain primitives provided in WebCrypto

  18. arcanicanis

    and with resource binding, in ~250 lines of plain JavaScript

  19. arcanicanis

    Now the rest is just adding a little bit of an interface, basic MUC support, etc

  20. jonas’

    that sounds impressive.

  21. veteran

    my idol id diogenes

  22. veteran

    my idol is diogenes

  23. jonas’

    "now the rest..." famous last words :) but keep going!

  24. jonas’

    I think 250 lines for an XML stream implementation is pretty good

  25. arcanicanis

    I can probably add host-meta resolution for WebSocket endpoint discovery, and then pop up what I have for progress, as right now I just have it hard-coded to my server's WebSocket endpoint

  26. arcanicanis

    Obviously right now you can't use an interface to send message yet, it's just connection establishment, auth, binding, etc, as you watch in the developer console

  27. arcanicanis

    But I'm sure in another ~100 lines of code and few things of HTML, it could

  28. MattJ

    arcanicanis: was just thinking SASL2/Bind2 would probably make things a lot easier, that was the intent. But they are still relatively new so most servers don't have them yet.

  29. arcanicanis

    > arcanicanis: was just thinking SASL2/Bind2 would probably make things a lot easier, that was the intent. But they are still relatively new so most servers don't have them yet. Yes, I was actually poking at that and bizarrely, I was getting an error of <encryption-required /> back from ejabberd 24.02 over a wss:// connection

  30. arcanicanis

    > <failure xmlns='urn:xmpp:sasl:2'><encryption-required xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></failure>

  31. arcanicanis

    ```xml <failure xmlns='urn:xmpp:sasl:2'><encryption-required xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></failure> ```

  32. arcanicanis

    for SCRAM-SHA-256 over a TLS-encrypted WebSocket connection

  33. MattJ

    Is there some kind of reverse proxy involved, or does the connection go direct to ejabberd?

  34. arcanicanis

    Straight to ejabberd, no nginx/Apache/etc in the middle. Straight to port 5443 where it's served on.

  35. MattJ

    Then probably an ejabberd bug

  36. MattJ

    Worth reporting

  37. arcanicanis

    So here's my foundation of the client code hacked together from scratch, it's definitely not cosmetic code: https://arcanican.is/demo/xmpp-bare.htm

  38. arcanicanis

    as proof that you can trivially start an XMPP client from scratch, no libraries, and just using the primitives the web browser already provides (WebCrypto even include PBKDF2 apparently)

  39. arcanicanis

    (requires a server with a WebSocket endpoint, and with it discoverable from /.well-known/host-meta)

  40. MattJ

    arcanicanis: nice!