xmpp.js: Unable to connect to Openfire: resource binding fails

Describe the bug The connection with Openfire cannot be established because the resource binding is refused with a not-authorized message.

Logs

status connecting xmpp://example.com:5222
status connect 
status opening 
status open <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="example.com" id="9gu8hocl7j" xml:lang="en" version="1.0"/>

IN
<stream:features xmlns="http://etherx.jabber.org/streams">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
<mechanism>ANONYMOUS</mechanism>
</mechanisms>
<compression xmlns="http://jabber.org/features/compress">
<method>zlib</method>
</compression>
<ver xmlns="urn:xmpp:features:rosterver"/>
<c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="PXeYICjasirLLF1A4CuJ8nUI6QI="/>
</stream:features>

OUT
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">
<hidden xmlns="xmpp.js"/>
</auth>

IN
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
status opening 
status open <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="example.com" id="9gu8hocl7j" xml:lang="en" version="1.0"/>

IN
<stream:features xmlns="http://etherx.jabber.org/streams">
<compression xmlns="http://jabber.org/features/compress">
<method>zlib</method>
</compression>
<ver xmlns="urn:xmpp:features:rosterver"/>
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
<session xmlns="urn:ietf:params:xml:ns:xmpp-session">
<optional/>
</session>
<sm xmlns="urn:xmpp:sm:2"/>
<sm xmlns="urn:xmpp:sm:3"/>
<c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="PXeYICjasirLLF1A4CuJ8nUI6QI="/>
</stream:features>

OUT
<iq type="set" id="8565xkvf8o" xmlns="jabber:client">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
</iq>

IN
<iq type="error" id="8565xkvf8o" from="example.com" to="example.com/9gu8hocl7j" xmlns="jabber:client">
<error code="401" type="auth">
<not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>

Environment node v12.18.3 @xmpp/client v0.12.0 Server: Openfire 4.6.2, build b61bce3, configured with a valid TLS certificate for the domain I’m using. OS: macOS Catalina 10.15.7

Additional information This is a follow-up bug-report of #889 . I disabled starttls server side to be able to continue the connection attempt. This issue might even be the hidden cause of #889. Turns out: it isn’t.

I’ve been debugging the handshakes and communication between xmpp.js and Openfire all day and I couldn’t find a clear culprit. However, clients like Adium and Psi are able to connect to the same Openfire instance, so I guess it is something that the client library should handle.

I found that it doesn’t make a difference whether a resource is specified by the client. I also found that it doesn’t make a difference whether SASL type of ANONYMOUS or PLAIN is used (both pass the authentication but fail at the resource binding step).

When comparing a Psi connection setup vs. an xmpp.js one, the only notable difference was that Psi was not using the jabber:client namespace and was using a hardcoded id of bind_1 (which, funny, is the one used in the XMPP specification’s example) for the bind iq message. So:

Psi:

<iq type="set" id="bind_1">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
<resource>My-PC</resource>
</bind>
</iq>

xmpp.js:

<iq type="set" id="mx0orjlepn" xmlns="jabber:client">
<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
<resource>My-PC</resource>
</bind>
</iq>

The specification also doesn’t include the jabber:client namespace on the iq element, so that might be the issue. I’ve been unable to find a way to strip that xmlns off that single iq element though as it seems pretty heavily entangled within the library…

Any help would be highly appreciated as I’m now completely stuck 😦