[jdev] Question about XMPP authentication
Trejkaz
trejkaz at trypticon.org
Tue Jun 6 01:28:14 CDT 2006
On 05/06/2006, at 20:31 PM, Nguyen TV wrote:
> There is one problem with this approach -- it requires the user to
> give their
> password to your server. A better approach might be having your
> server send
> a one-use token to that user via XMPP, and having them enter that.
> Then you
> can prove they own the JID without them having to sacrifice their
> password.
>
> Trejkaz, can you explain more about that approach? I have found
> this article which is about x google token. Is that what you mean??
> http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token-
> and-why-it-matters/
Google's is certainly one way. Another is a documented JEP:
http://www.jabber.org/jeps/jep-0070.html
TX
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20060606/af082f4a/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://www.jabber.org/jdev/attachments/20060606/af082f4a/attachment-0002.pgp>
More information about the JDev
mailing list