This article follow up the article about Authentication without password using XMPP on a Django website previously presented here. This article introduced the XMPP extension (XEP-0070) which allows one to connect on a website with his XMPP account, without additional password.

Unfortunately, the XEP-0070 is not widely used but this article aims to present you my little contribution to change this situation.

Introduction

Those who know me know that I tends to have multiple projects in parallels. I have one in the back of my head since several months but it is too early to talk about it yet. I want this project to be usable with XMPP. Some resources will be accessible on a web server but I don't want to force users to manage additional passwords. This is the perfect use case of XEP-0070.[ref]Goffi from the Salut à Toi project is curently working on a different solution to adress these kind of challenges. [/ref]

In order to test the accessibility and the number of user-friendly clients that support this extension, I published a small demo website:

https://demo.agayon.be/

This website is built with the famous Django framework. Moreover, the revelant code is available in the previous post and on the Gitlab page.

You can try the demo by clicking on the "Sign In" button. The only information needed is your XMPP account (JID). You will then receive a request on your XMPP client. If it does support the XEP, you will be invited to click in a dialog box in order to accept the connection.

It your client does not support it, there is a fallback mechanism where you receive a message from "auth.agayon.be". Unfortunately, The method may be tedious on some mobile clients. It is quite sad because it is the best use case of the XEP.

Examples

Movim (new)

Shortly after I submitted a bug report about this feature, edhelas from the Movim project implemented it. His reactivity is remarkable. The feature is available on the official pods.

Gajim

Salut à toi (Primitivus)

Conversations

Unfortunately, Conversations, one of the best mobile clients, does not support the feature yet.

Sources

The sources are available on my gitlab.com account.

The service is still in beta. Do not hesitate to contact me if you experience some bugs with the demo.

Conclusions

You no longer have excuses to avoid to authenticate users on your platform with XMPP.

• Nice and user-friendly clients implement it.
• The Chteufleur's component is stable and easy to use.
• It is quite easy to add the functionality on the website running with django, Wordpress and it should not be an insurmountable challenge with ruby on rails.

In the future, I will probably encourage new users to use Movim with my projects as it does not require installation and it supports the XEP.

I hope to be able to give you updates soon about the agayon project.

In the meantime, bug reports have been submitted:

• Conversations
• Converse.js
• Movim (Already fixed as previously mentioned)

Stay tuned !

Links

• XEP-0070
• Authentication component by Chteufleur
• Description of the mechanism (french)
• Django authentification
• Previous article
• Code on Gitlab