Gsoc2024/Prav.app/Standards compliant SMS OTP based authentication

The XMPP project that is the subject of this GSoC Project Idea is the Prav.app project. Prav is a messaging service which can be used to exchange messages, audio/video calls, files, images and videos through internet.

Google Summer of Code project description

Phone number + SMS OTP based authentication is a very popular method of using internet services in many parts of the world, popularized by services like WhatsApp. This approach is followed by Quicksy and Prav (a Quicksy fork). But presently, this is being done in a custom approach which is specific to QuicksyServer+Quicksy client application. We need to enable users to sign up / login to XMPP with SMS authentication in a standards compliant way.

Prav is presently limited to Android because it relies on this custom implementation (in the rebranded version of Quicksy). If we implement a standards compliant way of doing this we will be able to allow any XMPP client to sign up to prav.app. This will allow Prav to be used from iOS and other platforms.

Deliverables / Expected Results

Implement XEP 0388 in Quicksy server (for SMS OTP second factor) and complete its implementation in ejabberd allowing any XMPP client to sign up to prav.app service.

Relevant readings

• XMPP
• https://xmpp.org/extensions/xep-0388.html
• https://monal-im.org/post/00003-nlnet-funding/
• https://opencollective.com/prav-ios