Closed bluemods closed 7 months ago
Thank you for this awesome pull request.
http
directory deals with HTTP requests, maybe it will be better to rename it to http_requests
?disable_auth_cert
and can this be automated?1) I renamed http to http_requests to resolve that 2) auth certs have one purpose, this is to sign JWTs for clients using the Kik browser and wanting to authenticate their account for web requests (like linking their account to a game and proving ownership, or authenticating against a Kik web-service like the sticker and emoji inventories). This functionality is part of the kik.js library, for which the docs have been taken offline but it still works and I have a copy of them. This library doesn't currently implement the functionality to create JWTs / sign requests, so it won't have a use for most people.
I made an archive of the kik.js docs. Search for kik.sign to read more about it
Oh I see. So the auth cert request was added by @kandnub in 9ea8795063a353a212b8b8383f12c97469ddc729. Do you think we can have disable_auth_cert=True
by default? Or even remove the self.authenticator.send_stanza()
line?
Oh I see. So the auth cert request was added by @kandnub in 9ea8795. Do you think we can have
disable_auth_cert=True
by default? Or even remove theself.authenticator.send_stanza()
line?
True by default, sure, but I don't see a reason to remove it entirely.
I don't see a reason to remove it entirely.
We won't remove the AuthStanza
class of course, but why would anyone want to create a bot with disable_auth_cert=False
? Can you give one example?
JWT signing / requests could be implemented for interacting with websites or unlocking all the emotes in Kik's emote shop, for example. But it is a very niche use case so I did change it to be disabled by default.
This aims to enable the client to auto reconnect properly, handle connection failures, and parse stanzas using pull parsing.
Some notes:
defusedxml
, this safely parses the xml without trying to resolve entities, DTDs, etc, which XMPP / Kik does not use.disable_auth_cert
, default false. When true, auth cert is skipped. I include this option because generating auth certs is slow, and is generally not needed for most users of the API.