Authentication: Session lifecycle #41

@valeriansaliou

  • Improve login (to its final state)

    • Description: The login form could not be implemented to a 100% state due to a missing server feature.
    • ⚠️ Concerns:
      1. We need to implement a way for tokens to be generated by the server (pretty much like most modern REST APIs work). A token should be revocable from any connected application, e.g. if the user lost their device. Not sure a XEP exists for that, in any case we may need to create a Prosody module as well;
      2. Find a clean way to protect account credentials (JID + password) w/ an additional TOTP token (there should be a XEP for that, we also need to look for a Prosody module);
  • Connect using session tokens

    • Description: Re-using the session tokens generated by the server (not possible ATM, see concerns above).
  • Ability to logout and destroy session tokens

    • Description: Ability for the user to remove an account from the Prose app, which would need to destroy the session tokens from the server (not possible ATM, see concerns above).
