Mercurial > prosody-modules
annotate mod_minimix/README.markdown @ 5193:2bb29ece216b
mod_http_oauth2: Implement stateless dynamic client registration

Replaces previous explicit registration that required either the
additional module mod_adhoc_oauth2_client or manually editing the
database. That method was enough to have something to test with, but
would probably not scale easily.

Dynamic client registration allows creating clients on the fly, which
may be even easier in theory.

In order to not allow basically unauthenticated writes to the database,
we implement a stateless model here.

    per_host_key := HMAC(config -> oauth2_registration_key, hostname)
    client_id := JWT { client metadata } signed with per_host_key
    client_secret := HMAC(per_host_key, client_id)

This should ensure everything we need to know is part of the client_id,
allowing redirects etc to be validated, and the client_secret can be
validated with only the client_id and the per_host_key.

A nonce injected into the client_id JWT should ensure nobody can submit
the same client metadata and retrieve the same client_secret

author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 03 Mar 2023 21:14:19 +0100 |
parents | 140cda94c342 |
children |
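
The stateless scheme from the commit message above, sketched in Python as an added example; it is not code from mod_http_oauth2. It assumes HMAC-SHA256 for every HMAC step, an HS256-style compact JWT, and the RFC 7591 `redirect_uris` metadata field; all function names are hypothetical.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, secrets

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, msg: str) -> bytes:
    # Assumption: HMAC-SHA256; the commit message only says "HMAC".
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def per_host_key(registration_key: bytes, hostname: str) -> bytes:
    # per_host_key := HMAC(config -> oauth2_registration_key, hostname)
    return _mac(registration_key, hostname)

def register_client(host_key: bytes, metadata: dict) -> tuple[str, str]:
    # The nonce makes every registration unique, even for identical metadata.
    claims = dict(metadata, nonce=secrets.token_urlsafe(16))
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    # client_id := JWT { client metadata } signed with per_host_key
    client_id = signing_input + "." + _b64(_mac(host_key, signing_input))
    # client_secret := HMAC(per_host_key, client_id)
    return client_id, _b64(_mac(host_key, client_id))

def verify_client(host_key: bytes, client_id: str, client_secret: str,
                  redirect_uri: str) -> dict | None:
    """Return the registered metadata, or None if any check fails (no database lookup)."""
    try:
        header, payload, sig = client_id.split(".")
        if not hmac.compare_digest(_unb64(sig), _mac(host_key, header + "." + payload)):
            return None  # client_id was not issued under this host's key
        expected_secret = _b64(_mac(host_key, client_id)).encode()
        if not hmac.compare_digest(client_secret.encode(), expected_secret):
            return None  # secret is recomputed, never stored
        claims = json.loads(_unb64(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON, bad encoding
        return None
    # Assumption: redirect URIs live in the RFC 7591 "redirect_uris" field.
    if redirect_uri not in claims.get("redirect_uris", []):
        return None
    return claims

if __name__ == "__main__":
    key = per_host_key(b"constructed-registration-key", "example.com")  # constructed values
    meta = {"client_name": "Demo", "redirect_uris": ["https://app.example/cb"]}
    cid, secret = register_client(key, meta)
    print(verify_client(key, cid, secret, "https://app.example/cb"))
```

Because the per-host key is derived from the hostname, a client_id issued for one virtual host fails verification on another even though both share the same `oauth2_registration_key`.
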
rev | line source |
---|---|
4540 | 1 # Account based MUC joining |
2941 | 2 |
2942 | 3 Normally when joining a MUC groupchat, it is each individual client that |
2941 | 4 joins. This means their presence in the group is tied to the session, |
2941 | 5 which can be short-lived or unstable, especially in the case of mobile |
2941 | 6 clients. |
2941 | 7 |
2941 | 8 This has a few problems. For one, for every message to the groupchat, a |
2941 | 9 copy is sent to each joined client. This means that at the account |
2941 | 10 level, each message would pass by once for each client that is joined, |
2941 | 11 making it difficult to archive these messages in the users personal |
2941 | 12 archive. |
2941 | 13 |
2941 | 14 A potentially better approach would be that the user account itself is |
2941 | 15 the entity that joins the groupchat. Since the account is an entity that |
2941 | 16 lives in the server itself, and the server tends to be online on a good |
2941 | 17 connection most of the time, this may improve the experience and |
2941 | 18 simplify some problems. |
2941 | 19 |
2941 | 20 This is one of the essential changes in the MIX architecture, which is |
2941 | 21 being designed to replace MUC. |
2941 | 22 |
2941 | 23 `mod_minimix` is an experiment meant to determine if things can be |
2941 | 24 improved without replacing the entire MUC standard. It works by |
2941 | 25 pretending to each client that nothing is different and that they are |
2941 | 26 joining MUCs directly, but behind the scenes, it arranges it such that |
2941 | 27 only the account itself joins each groupchat. Which sessions have joined |
2941 | 28 which groups are kept track of. Groupchat messages are then forked to |
2941 | 29 those sessions, similar to how normal chat messages work. |
2941 | 30 |
4540 | 31 ## Known issues |
2941 | 32 |
2941 | 33 - You can never leave. |
2941 | 34 - You will never see anyone leave. |
3121 | 35 - Being kicked is not handled. |
2941 | 36 |
4540 | 37 ## Unknown issues |
2941 | 38 |
2941 | 39 - Probably many. |
2941 | 40 |
4541 | 41 ## TODO |
4541 | 42 |
4541 | 43 - Integrate with bookmarks |
4541 | 44 - tracking outgoing presence |
4541 | 45 - leaving rooms |
4541 | 46 - nickname management |
4541 | 47 - bookmark sync |
4541 | 48 |
4540 | 49 # Compatibility |
2941 | 50 |
2941 | 51 Briefly tested with Prosody trunk (as of this writing). |

rev | changeset | description | author | parents |
---|---|---|---|---|
2941 | a57ed544fece | mod_minimix: Experiment in account-based MUC joins | Kim Alvefur <zash@zash.se> | |
2942 | 024075effb74 | mod_minimix/README: Fix typo (thanks porrier) | Kim Alvefur <zash@zash.se> | 2941 |
3121 | 92b4a1d72d73 | mod_minimix/README: Doesn't handle incoming kicks yet | Kim Alvefur <zash@zash.se> | 2943 |
4540 | 3aab4e3ab06f | mod_minimix/README: Change markdown header syntax | Kim Alvefur <zash@zash.se> | 3121 |
4541 | 140cda94c342 | mod_minimix/README: Add TODO section | Kim Alvefur <zash@zash.se> | 4540 |