Standards:GMCP Authentication

From Mudlet
Revision as of 06:25, 17 February 2024 by Vadi (talk | contribs) (Add GMCP Authentication spec)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

GMCP Extension for MUD Client Authentication

This document defines a new GMCP extension to enable MUD clients to send credentials and perform authentication using GMCP messages instead of in-band login commands. It also includes optional support for OAuth authorization flows.

Rationale

Different MUDs have diverse login command formats, making it challenging for MUD clients to handle login consistently. This extension provides a standardized way to exchange authentication information through GMCP, simplifying client development and improving compatibility. Additionally, the extension supports OAuth authorization flows, allowing clients to leverage external identity providers for login.

Design

The extension introduces a new namespace called Client.Authenticate with the following commands:

Server-side:

  • Client.Authenticate.Default: This message, sent in response to Client.Supports.Set, informs the client of the supported authentication methods:
    • type: An array indicating the supported method(s), which is one or more of:
      • password-credentials: Traditional username/password login.
      • oauth-authorization-code: OAuth Authorization Code Grant flow.
      • oauth-PKCE: OAuth Proof Key for Code Exchange flow.
      • oauth-device-code: OAuth Device Code Grant flow.

Since multiple flows can be supported by a server the type array shall be ordered in the descending order of preference by the server. If the server supports only the credentials flow:

 Client.Auth.Default {"type": ["password-credentials"]}

If the server supports both Device Code and credentials, specify preference for Device Code with:

 Client.Auth.Default {"type": ["oauth-device-code", "password-credentials"]}

Client-side:

  • Client.Authenticate.Credentials: This message, sent after receiving Client.Authenticate.Default with type as password-credentials, sends the character name and password for traditional login.
  • Client.Authenticate.OAuth: This message, sent after receiving Client.Authenticate.Default, contains information specific to the chosen OAuth flow (e.g., authorization code, PKCE verifier, etc.). The specific format will be defined in consultation with the community.

Example Flow (Password Credentials):

  1. Client connects and sends: Core.Supports.Set ["Client.Authenticate 1"]
  2. Server responds with: Client.Authenticate.Default {"type": ["password-credentials"]}
  3. Client sends: Client.Authenticate.Credentials {"character": "username", "password": "password"}
  4. Server validates credentials and performs login.

OAuth Flows:

Specific details for each supported OAuth flow will be defined in separate documents. These documents will outline the message formats and server-side logic for handling each flow.

Implementation Considerations

  • This extension should be implemented according to the GMCP protocol specifications.
  • Messages should be well-formatted JSON objects.
  • Servers should validate incoming authentication information securely.
  • Clients should handle potential errors and server responses gracefully.

Conclusion

This GMCP extension provides a standardized and flexible approach to MUD client authentication, improving compatibility and enabling support for OAuth authorization flows. By adopting this extension, MUD developers and client developers can simplify login processes and enhance user experience.

Note: This is a draft proposal, and further community input and refinement may be necessary before finalizing the specification. Additionally, the specific details of OAuth flow support require input from the community to be defined.