Modern XMPP project discussion - 2024-06-26


  1. jackhill

    Are there any more updates to the auth project?

  2. jackhill

    In particular, I'm setting up infrastructure for a new organization, and I'd like our auth options to play well with our chat. Also, I'd rather not deal with people's passwords, but maybe I can't get around that just yet.

  3. MattJ

    jackhill: the two things not "done" are 2FA (but all the groundwork is there, we just need to implement it), and OAuth is implemented but no XEP yet so clients don't support it (except some test clients)

  4. MattJ

    You could argue that it's all "standard OAuth" so doesn't need a XEP, but 1) there's no such thing, 2) we need a document that is basically signposts for developers to the appropriate specs and how they slot together in XMPP

  5. MattJ

    Depending which clients you're planning to deploy, there are options

  6. Kris

    https://github.com/modernxmpp/easy-xmpp-invitation/pulls

  7. Kris

    Would it be possible to merge some of these?

  8. Kris

    The repo feels very unmaintained 😑

  9. MattJ

    Yeah, I will try to go over them soon

  10. MattJ

    I think half the open ones had issues that were unresolved

  11. Kris

    > You could argue that it's all "standard OAuth" so doesn't need a XEP, but 1) there's no such thing, 2) we need a document that is basically signposts for developers to the appropriate specs and how they slot together in XMPP

    Especially with clients like Monal already putting scary warnings if you try connecting via SASL Plain, it would be very nice to have better alternatives

  12. Kris

    > Yeah, I will try to go over them soon

    Thanks

  13. jackhill

    MattJ: thanks. Yeah, I was thinking along the lines of "how do I integrate this all?", "What other services do I need?", and "What's the state of work on the clients?"

  14. jackhill

    For clients ideally I'd be able to meet people where they are. Web's probably important too. Then, unfortunately, Windows.

  15. jackhill

    Something like https://omemo.top/

  16. MattJ

    If you look at "competitors" to XMPP in this area - for which I generally use the term "team chat" - native desktop clients are basically not a thing, they focus on their web client as the only, or primary, point of access. If they have an app, it's just the web app packaged with Electron or similar.

  17. MattJ

    And almost no other option provides a choice of software to use

  18. MattJ

    There are reasons for this ( https://snikket.org/blog/products-vs-protocols/ ), but when you're deploying something like this it's going to save you a lot of trouble if you focus on a particular setup

  19. MattJ

    In most cases, that's a web client just because it's trivially cross-platform

  20. MattJ

    Converse.js has some support for OAuth. It's not the same stuff we've been adding "native" support for in Prosody, but it's Good Enough for many use cases

  21. MattJ

    I think it would be between Converse.js and Movim, but I don't think Movim has any OAuth

  22. MattJ

    and there is, of course, the always-just-around-the-corner https://prose.org/

  23. jackhill

    I guess web it is. Or I end up writing my own client because I'm turned off by the current JS landscape.

  24. jackhill

    MattJ: what do the competitors do for mobile? Is that the web app too?

  25. jackhill

    Nice thing about doing web is that it should be straightforward to use the browser's webauthn support as part of the flow.

  26. jackhill

    MattJ: on the product thing, I'm happy to make it as Snikket-like as possible, but not sure full Snikket is for us. Also, definitely need non-mobile clients, so

  27. MattJ

    jackhill: on mobile it's either the web app packaged, or it's using a cross-platform framework such as React Native

  28. MattJ

    Snikket is explicitly not for team chat, that statement is on our website 🙂

  29. jackhill

    Ah 😁

  30. jackhill

    Prose does look slick! But for my original question, it sounds like a generic oauth offering should be fine.

  31. MattJ

    Prose is the Snikket-equivalent that is focusing on team chat. But it's also very early days for them.

  32. arcanicanis

    > I guess web it is. Or I end up writing my own client because I'm turned off by the current JS landscape.

    Hey, join the club, I'm writing something from scratch right now, in plain JavaScript, no external libraries, and I already have some basic chat functionality already in a few days of work.

  33. arcanicanis

    In the course of working through my hobby project, I have much more respect for the present state of the XMPP protocol, and how rationally designed much of it is.

    👍🏼 1
  34. jackhill

    > In the course of working through my hobby project, I have much more respect for the present state of the XMPP protocol, and how rationally designed much of it is.

    👍🏼

  35. Kris

    > and there is, of course, the always-just-around-the-corner https://prose.org/

    the latest releases of the webclient work quite ok already. Almost there I would say.

  36. Kris

    easy to self-host too

    👍🏼 1
  37. jackhill

    > easy to self-host too

    👍🏼