Comparison

mod_client_management/README.md @ 5314:7c123d3285de

mod_client_management: README: Update docs to detail shell and XMPP interfaces
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Apr 2023 19:31:29 +0100
parent 5294:385346b6c81d
child 5601:e9af6abf2b1e
comparison
equal deleted inserted replaced
5313:80ecba092027 5314:7c123d3285de
24 client instance, and is also exposed to other XMPP entities the user communicates with. 24 client instance, and is also exposed to other XMPP entities the user communicates with.
25 25
26 When `enforce_client_ids` is enabled, clients that don't support SASL2 and provide a client id will be 26 When `enforce_client_ids` is enabled, clients that don't support SASL2 and provide a client id will be
27 denied access. 27 denied access.
28 28
29 ## Shell usage
30
31 You can use this module via the Prosody shell. For example, to list a user's
32 clients:
33
34 ```shell
35 prosodyctl shell user clients user@example.com
36 ```
37
29 ## Compatibility 38 ## Compatibility
30 39
31 Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12 40 Requires Prosody trunk (as of 2023-03-29). Not compatible with Prosody 0.12
32 and earlier. 41 and earlier.
42
43 ## Developers
44
45 ### Protocol
46
47 #### Listing clients
48
49 To list clients that have access to the user's account, send the following
50 stanza:
51
52 ```xml
53 <iq id="p" type="get">
54 <list xmlns="xmpp:prosody.im/protocol/manage-clients"/>
55 </iq>
56 ```
57
58 The server will respond with a list of clients:
59
60 ```xml
61 <iq id="p" to="mattj-gajim@auth2.superxmpp.com/gajim.UYJKBHKT" type="result" xmlns="jabber:client">
62 <clients xmlns="xmpp:prosody.im/protocol/manage-clients">
63 <client connected="true" id="client/zeiP41HLglIu" type="session">
64 <first-seen>2023-04-06T14:26:08Z</first-seen>
65 <last-seen>2023-04-06T14:37:25Z</last-seen>
66 <auth>
67 <password/>
68 </auth>
69 <user-agent>
70 <software>Gajim</software>
71 <uri>https://gajim.org/</uri>
72 <device>Juliet's laptop</device>
73 </user-agent>
74 </client>
75 <client connected="false" id="grant/HjEEr45_LQr" type="access">
76 <first-seen>2023-03-27T15:16:09Z</first-seen>
77 <last-seen>2023-03-27T15:37:24Z</last-seen>
78 <user-agent>
79 <software>REST client</software>
80 </user-agent>
81 </client>
82 </clients>
83 </iq>
84 ```
85
86 On the `<client/>` tag most things are self-explanatory. The following attributes
87 are defined:
88
89 - 'connected': a boolean that reflects whether this client has an active session
90 on the server (i.e. this includes connected and "hibernating" sessions).
91 - 'id': an opaque reference for the client, which can be used to revoke access.
92 - 'type': either `"session"` if this client is known to have an active or inactive
93 client session on the server, or "access" if no session has been established (e.g.
94 it may have been granted access to the account, but only used non-XMPP APIs or
95 never logged in).
96
97 The `<first-seen/>` and `<last-seen/>` elements contain timestamps that reflect
98 when a client was first granted access to the user's account, and when it most
99 recently used that access. For active sessions, it may reflect the current
100 time or the time of the last login.
101
102 The `<user-agent/>` element contains information about the client software. It
103 may contain any of three optional child elements, each containing text content:
104
105 - `<software/>` - the name of the software
106 - `<uri/>` - a URI/URL for the client, such as a homepage
107 - `<device/>` - a human-readable identifier/name for the device where the client
108 runs
109
110 The `<auth/>` element lists the known authentication methods that the client
111 has used to gain access to the account. The following elements are defined:
112
113 - `<password/>` - the client has presented a valid password
114 - `<grant/>` - the client has a valid authorization grant (e.g. via OAuth)
115 - `<fast/>` - the client has active FAST tokens
116
117 #### Revoking access
118
119 To revoke a client's access, send a `<revoke/>` element with an 'id' attribute
120 containing one of the client ids fetched from the list:
121
122 ```xml
123 <iq id="p" type="set">
124 <revoke xmlns="xmpp:prosody.im/protocol/manage-clients" id="grant/HjEEr45_LQr" />
125 </iq>
126 ```
127
128 The server will respond with an empty result if the revocation succeeds:
129
130 ```xml
131 <iq id="p" type="result" />
132 ```
133
134 If the client has previously authenticated with a password, there is no way to
135 revoke access except by changing the user's password. If you request
136 revocation of such a client, the server will respond with a 'service-unavailable'
137 error, with the 'password-reset-required' application error:
138
139 ```xml
140 <iq id="p" type="error">
141 <error type="cancel">
142 <service-unavailable xmlns="xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'">
143 <password-reset-required xmlns="xmpp:prosody.im/protocol/manage-clients"/>
144 </error>
145 </iq>
146 ```