On Wed, 19 Mar 2025 at 15:53, Andrzej Telezynski <[email protected]> wrote: > > Hello, > > I am confused about those two elements: `authorization-identity` and > `authorization-identifier`. > Are they equivalent? They seem to be used in the same context.
Ha, lots of fun. I think the correct one is <authorization-identifier/>. It's in XEP-0388 which is the official definition of the urn:xmpp:sasl:2 namespace. I confirmed it's also what Prosody is using, and lots of client implementations were developed against Prosody. The SASL RFC ( https://www.rfc-editor.org/rfc/rfc4422 ) uses the term "authorization identity" (the term "authorization identifier" does not appear), so I guess that's how the "wrong" term slipped in by mistake, and probably got copied into the later XEPs. > Grepping the XEPS repo shows both are used: > > $ grep -rl authorization-identity > ./xep-0484.xml > ./inbox/xep-fast.xml > ./inbox/sasl2.xml > ./xep-0386.xml > > $ grep -rl authorization-identifier > ./xep-0480.xml > ./inbox/xep-downgrade-prevention.xml > ./inbox/xep-scram-upgrade.xml > ./inbox/sasl2.xml > ./xep-0198.xml > ./xep-0388.xml > ./xep-0474.xml > > What confuses me is that they both are used in the same context, f. ex.: > > "XEP-0386: Bind 2" has `authorization-identity` in successful Bind response: > https://xmpp.org/extensions/xep-0386.html#example-4 > > <success xmlns='urn:xmpp:sasl:2'> > > <authorization-identity>[email protected]/AwesomeXMPP.4232f4d4</authorization-identity> > <bound xmlns='urn:xmpp:bind:0'> > <metadata xmlns='urn:xmpp:mam:2'> > <start id='YWxwaGEg' timestamp='2008-08-22T21:09:04Z' /> > <end id='b21lZ2Eg' timestamp='2020-04-20T14:34:21Z' /> > </metadata> > </bound> > </success> > > But "XEP-0388: Extensible SASL Profile" uses `authorization-identifier` > https://xmpp.org/extensions/xep-0388.html#example-7 > > <success xmlns='urn:xmpp:sasl:2'> > <!-- Base64 of: 'v=msVHs/BzIOHDqXeVH7EmmDu9id8=' --> > <additional-data> > dj1tc1ZIcy9CeklPSERxWGVWSDdFbW1EdTlpZDg9 > </additional-data> > <authorization-identifier>[email protected]</authorization-identifier> > </success> > > Is it valid to use `authorization-identifier` in all those cases? > > What about other XEPS that use `authorization-identity` f. ex. > "XEP-0484: Fast Authentication Streamlining Tokens" ? > https://xmpp.org/extensions/xep-0484.html#example-3 > > It seems that clients need to expect both variants anyway. It's a mistake in the XEPs, they shouldn't be contradicting each other. XEP-0388 defines the urn:xmpp:sasl:2 namespace and it defines only <authorization-identifier/>. The only XEPs containing 'authorization-identity' are XEP-0386 and XEP-0484, and I worked on both of those, so apologies! I'll make sure they get fixed. Maybe if we ever bump the sasl:2 namespace we can change the element name to match the SASL RFC's original terminology though :) Regards, Matthew _______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
