New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suppport for XEP-0070: Verifying HTTP Requests via XMPP #600

jarobase opened this Issue Feb 14, 2018 · 2 comments


None yet
2 participants

jarobase commented Feb 14, 2018

XEP-0070 allows a client to verify HTTP Requests via XMPP. It can be used in 2 factor authentication or as a remplacement of passwords.


There are some implementations on the server side:

If the XEP-0070 is not supported, there is a fall back method (just plain text) so the client doesn't necessarily has to have support for this. Unfortunately, this method is not practical to use.

In order to test several clients support, I made a small website:

You can use it to try the usability.
in the future, I aim to make a website for non-tech people based on this feature.

Unfortunately, it is not really convenient with Movim at the moment.

  • There is not notification (the component is not in the roster)
  • User must check new messages in discussion and copy paste the validation code.

People not familiarized with XMPP could not easily use the functionality with Movim.

Moreover, it seems not possible to add the component in the roster and therefore receive notifications. I don't know if it is a standard behavior.

@edhelas edhelas added this to the 0.14 milestone Feb 14, 2018

@edhelas edhelas self-assigned this Feb 14, 2018

@edhelas edhelas closed this in 9e1de3e Feb 14, 2018


This comment has been minimized.


edhelas commented Feb 14, 2018

XEP-0070 has been implemented in the project, thanks for
However is seems that your library doesn't handle the "refuse" case yet :)


This comment has been minimized.

jarobase commented Feb 14, 2018

Great !
With Gajim, when I refuse, I get the following message below the validation code on the web page.
"User jid@server.tld refused to authenticate."
Maybe a redirection on my website would be better in the future.

Can I try this functionality on a "trunk" pod?

Thanks a lot for your reactivity and congratulations for your work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment