
Working with Xmpp in Python

Xmpp is an open standard for messaging and presence, used for instant messaging systems. It is also used for chat systems in several games, most notably League of Legends made by Riot Games.

Xmpp is an XML-based protocol. Normally you work with complete XML documents - with Xmpp you work with a stream of XML elements, or stanzas - see RFC 6120 for the full definitions of these concepts. This has some implications for how best to work with the XML.
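One practical implication is that the root element of the stream stays open for the whole session, so a parser that waits for a complete document never returns. Here is a minimal sketch of pulling out each stanza as soon as its closing tag arrives, assuming the standard library's XMLPullParser; the helper name iter_stanzas and the sample chunks are made up for illustration:

```python
import xml.etree.ElementTree as ET


def iter_stanzas(chunks):
    """Yield each complete direct child of the stream root as it arrives."""
    parser = ET.XMLPullParser(events=("start", "end"))
    depth = 0
    for chunk in chunks:
        parser.feed(chunk)
        for event, elem in parser.read_events():
            if event == "start":
                depth += 1
            else:
                depth -= 1
                if depth == 1:
                    # A direct child of <stream:stream> has just closed
                    yield elem


# Hand-written sample data: the stream root is never closed, and the
# message stanza is split across two network reads.
chunks = [
    "<stream:stream xmlns='jabber:client' "
    "xmlns:stream='http://etherx.jabber.org/streams'>",
    "<message><body>hel",
    "lo</body></message><presence/>",
]
stanzas = list(iter_stanzas(chunks))
tags = [stanza.tag for stanza in stanzas]
```

Tracking the element depth is what separates a finished stanza from a finished child element nested inside one.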

To experiment with Xmpp, let's start by installing a chat server based on Xmpp and start interacting with it. For my purposes I've chosen Prosody - it's nice and simple to install, especially on macOS with Homebrew:

brew tap prosody/prosody
brew install prosody

Start the server with prosodyctl - you may need to edit the configuration file (/usr/local/etc/prosody/prosody.cfg.lua on the Mac), adding entries for prosody_user and pidfile. Once the server is up and running we can start poking at it to get a feel for how to work with the Xmpp protocol. For the purposes of this demonstration we also need to relax some common sense security requirements, to allow authentication over unencrypted connections.

Add the following to the configuration file, at the top:

prosody_user = "<your user name>"
pidfile = ""
allow_unencrypted_plain_auth = true

Then start the Prosody server from a terminal window:

prosodyctl start

You should see log output from the server, indicating that it has activated host localhost and is listening on port 5222.

Before we can do much with this chat server we need to add a user:

prosodyctl adduser me@localhost

I would also recommend trying it out with an existing chat client - I like Swift, primarily for its debug console. Once you've verified that the server is working, we can start experimenting with talking to it on a lower level.

Communicating in Python

Let's do some experiments from a Python terminal. First, let's open a socket to talk to the server in Python:

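import socket
s = socket.socket()
s.connect(("localhost", 5222))
# Opening stream header, sent as soon as the TCP connection is up
start = "<?xml version='1.0'?>" \
"<stream:stream to='localhost' version='1.0' " \
"xmlns='jabber:client' " \
"xmlns:stream='http://etherx.jabber.org/streams'>"
s.send(start.encode())
s.recv(4096)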

Assuming everything is working correctly you should get output like this (minus the formatting):

<?xml version='1.0'?>
    <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <auth xmlns=>
    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

This is the start of the handshake between the client and the server that takes place when the client wants to connect. The initial message we send informs the server that we want to establish a connection - it responds with a stream:features element listing the possible authentication mechanisms. It also indicates that it can provide a secure connection, with the presence of the starttls element.
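To check the advertised features in code rather than by eye, something like the following could work. It is a sketch only: parse_features is a hypothetical helper, and the sample string is hand-written to have the shape described above, not captured from a real server.

```python
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"


def parse_features(data):
    """Return (mechanism names, starttls offered?) from a server response."""
    # A pull parser is used because the stream root is still open
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(data)
    for _, elem in parser.read_events():
        if elem.tag == "{%s}features" % STREAM_NS:
            mechanisms = [m.text for m in elem.iter("{%s}mechanism" % SASL_NS)]
            has_tls = elem.find("{%s}starttls" % TLS_NS) is not None
            return mechanisms, has_tls
    return [], False


# Illustrative sample only, not real server output
sample = (
    "<?xml version='1.0'?>"
    "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
    "xmlns='jabber:client' from='localhost' version='1.0'>"
    "<stream:features>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism></mechanisms>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
    "</stream:features>"
)
mechanisms, has_tls = parse_features(sample)
```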

While a proper Xmpp client should use a secure authentication mechanism and use a secure connection, we’ll ignore that for now and use the PLAIN authentication. If you don’t see that in your output you need to revisit the configuration of the server to allow it.

The next step in the handshake is to authenticate, sending the userid and password. For the PLAIN mechanism the userid and password are each prefixed with a NUL character, joined together and encoded into a Base64 string:

import base64
key=base64.b64encode("\0{0}\0{1}".format("me", "test").encode("ascii")).decode()
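To make the layout of that string easier to see, here is a small sketch that wraps the encoding in a function and decodes it again. The names encode_plain and decode_plain are hypothetical. The empty first field is the optional authorization identity, and UTF-8 is used instead of ASCII on the assumption that userids and passwords may contain non-ASCII characters:

```python
import base64


def encode_plain(userid, password, authzid=""):
    """Build the PLAIN payload: authzid NUL userid NUL password, Base64-encoded."""
    raw = "{0}\0{1}\0{2}".format(authzid, userid, password)
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def decode_plain(key):
    """Reverse encode_plain, returning (authzid, userid, password)."""
    authzid, userid, password = base64.b64decode(key).decode("utf-8").split("\0")
    return authzid, userid, password


key = encode_plain("me", "test")
fields = decode_plain(key)
```

Decoding shows why this mechanism should only be used over an encrypted connection outside of experiments like this one: Base64 is an encoding, not encryption.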

Then we send an auth element to the server:

package = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>{0}</auth>".format(key)
s.send(package.encode())
s.recv(4096)

We should see a confirmation from the server that the authentication was successful:

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>
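A program needs to tell this apart from a rejection, which arrives as a failure element in the same namespace. A minimal sketch, assuming the whole reply came back in a single read; sasl_succeeded is a hypothetical helper name:

```python
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"


def sasl_succeeded(response):
    """Return True for <success/>, False for <failure/>, else raise ValueError."""
    elem = ET.fromstring(response)
    if elem.tag == "{%s}success" % SASL_NS:
        return True
    if elem.tag == "{%s}failure" % SASL_NS:
        return False
    raise ValueError("unexpected reply: {0}".format(elem.tag))


ok = sasl_succeeded(
    "<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>")
rejected = sasl_succeeded(
    "<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<not-authorized/></failure>")
```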

The next bit feels somewhat strange, but it makes sense: once authentication succeeds the stream is restarted, so we send the stream element again - exactly the same as we did in the beginning:

s.send(start.encode())
s.recv(4096)

We get a similar response, listing features:

<?xml version='1.0'?>
    <c hash='sha-1'
    <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
    <session xmlns='urn:ietf:params:xml:ns:xmpp-session'>
    </session><ver xmlns='urn:xmpp:features:rosterver'/>

This tells us that a bind is required - the connection has to be bound to a resource id, which distinguishes different connections for the same user from different chat clients. The bind is done with an iq element:

bind="<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><resource>test</resource></bind>"
iq="<iq id='id1' type='set' from='me@localhost'>{0}</iq>".format(bind)
s.send(iq.encode())
s.recv(4096)
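The server answers with an iq of type result carrying the full address it assigned, and the resource may differ from the one requested. Here is a sketch of reading that address, with a hand-written sample reply instead of real server output; bound_jid is a hypothetical helper name:

```python
import xml.etree.ElementTree as ET

BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"


def bound_jid(response, expected_id):
    """Return the full JID from a bind result, or None if the reply doesn't match."""
    iq = ET.fromstring(response)
    if iq.get("id") != expected_id or iq.get("type") != "result":
        return None
    jid = iq.find("{%s}bind/{%s}jid" % (BIND_NS, BIND_NS))
    return None if jid is None else jid.text


# Illustrative reply; the namespace is spelled out so it parses on its own
sample = (
    "<iq xmlns='jabber:client' id='id1' type='result'>"
    "<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>"
    "<jid>me@localhost/test</jid></bind></iq>"
)
jid = bound_jid(sample, "id1")
```

Matching on the id attribute is what ties a reply to the request that caused it, since other stanzas can arrive on the same stream in between.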

Finally we announce our presence:
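A minimal sketch of this step: an empty presence element is the simplest way to signal availability, and optional show and status children add detail. The helper build_presence is hypothetical, and the values passed in are only examples:

```python
from xml.sax.saxutils import escape


def build_presence(show=None, status=None):
    """Build a presence stanza; with no arguments it is the bare <presence/>."""
    children = ""
    if show is not None:
        # show is expected to be one of: away, chat, dnd, xa
        children += "<show>{0}</show>".format(escape(show))
    if status is not None:
        # Free-form text, escaped so it cannot break the XML stream
        children += "<status>{0}</status>".format(escape(status))
    if not children:
        return "<presence/>"
    return "<presence>{0}</presence>".format(children)


available = build_presence()
away = build_presence(show="away", status="R&D meeting")
```

With the socket from the earlier steps, s.send(build_presence().encode()) would put it on the wire.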


At this point things are getting too complicated to do anything meaningful from the Python terminal - we need to start writing a proper Python program.

