Conversations: Support XEP-0070: Verifying HTTP Requests via XMPP

Prosody have a Plugin to handle HTTP Auth ...

https://modules.prosody.im/mod_auth_http_async.html

The prosody module you refer to does not seem to handle XEP-0070. It is doing authentification of XMPP user via HTTP basic verification, which is quite the opposite.

As far as I can see, XEP-0070 is not supported by Prosody (yet): http://prosody.im/doc/xeplist

Hi,
It would make a great feature, indeed.

@tigre-bleu: The server doesn't need to interpret those stanzas. So there is no implementation needed by XMPP server (there are all compatible).

This is a classic chicken-egg problem. There aren't any services out there which make use of this feature and there aren't any services because there are no clients which implement this.
However the XEP provides a fall back method (just plain text) so the client doesn't necessarily has to have support for this. So in this case I think it is fair to let the service operators implement this first before we wrap this in some nice UI.

I understand your point of view.
I think that if we want to make that websites (or other applications) use this authentication system, we have to make the first step (with the risk that it will be un-used).

Hope it will become more popular in the future.

I confirm that the fallback works with Conversations, but it is not very elegant. If I have some spare time this week-end, I will think about a design for this function.

Is there any design toolkit that we can use to prototype an HMI using Conversations UI parts?

A first and quick mockup:

Nice.

What about a notification (like this) with accept/deny button ?

Why not, as long as it does not require Google Play Services.

I don't think so. My phone is on Cyanogen without any Google App, and I see this kind of notification.

In order to test several clients support, I made a small website:

https://demo.agayon.be/

I aim to make a website for non tech people based on this feature.

You can use it to try the usability.

Unfortunately, it is not really convenient with Conversations as it is not possible to copy a small part of a message.

gajim has a nice implementation of the client side. The fallback of the demo works with Conversations, but not all XEP-0070 requests are working.

When I use https://github.com/louiz/slixmpp/blob/master/examples/confirm_ask.py it works with gajim, but does not have a fallback for other clients. The question arrives as message, but the answer probably needs to be parsed in code outside of the xep-0070 implementation.

With a mobile phone as second device, XEP-0070 would make a lot of sense, so a simple implementation in Conversations would be great :-).

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

For information, I made a plugin for conversejs:
https://github.com/conversejs/community-plugins/tree/master/http-auth
It looks like this:

Still would love this feature in Conversations.

I think having this functionality in Conversations is currently not necessary. It has a manual fallback and for the time being I think it's OK if we just use that until more services are around that actually use this. I realize that this is a chicken and egg problem; But we don’t have to be the egg every single time.