Now I'm adding support for registering a new account, working from the JPG pp.58-61. Mostly straightforward, except:
(1) I'm somewhat confused about the "already registered" response. As far as I can tell, it indicates that the requested username is already taken, so the client should prompt the user to enter a different username. (The JPG says "If the user is already registered with this service..." when I think what it really means is "If the chosen username is already registered by another user...")
(2) The docs are unclear on how modifying and deleting existing registrations work. My hunch is that you have to first log in normally, then send the jabber:iq:register query to update or delete the registration. Otherwise there's no authentication that prevents others from maliciously messing with your account. Correct?
(3) One minute after it sends the reply to my initial jabber:iq:register query, jabber.org disconnects me, saying that authentication timed out. Shouldn't the user be given more than a minute to fill out the form?
(4) jabber.org isn't sending me a <key>, which I had thought was required. I'm special casing this and just not sending back a <key> if the server didn't send me one. I'm actually unclear on what the <key> is for anyway. It sounds like a security thing but I'm at a loss to see how it makes the transaction any more secure since it's being sent back over the same socket it was received from.
As always, thanks for any clarifications...
—Jens
- Re: [JDEV] Registration questions Jens Alfke
- Re: [JDEV] Registration questions Jens Alfke
- RE: [JDEV] Registration questions Constantin Nickonov
