[jdev] http binding and digest authentication
Adrian Ionut Beschea
flashbk2003 at yahoo.com
Tue Jun 6 10:03:01 CDT 2006
Hello,
I want to connect my IM client to the IM server through http-binding.
As stated in the jep 012, I wrap the stanzas with the 'body' node.
Problem is that I receive this iq :
<body xmlns="http://jabber.org/protocol/httpbind"><iq xmlns="jabber:client" id="log_user_1" type="result"><query xmlns="jabber:iq:auth"><username>test</username><password /><digest /><sequence>498</sequence><token>4228A8E4</token><resource /></query></iq></body>
How should I complete the digest field ?
I tried looking through the jeps but got lost :)
Thanks.
Trejkaz <trejkaz at trypticon.org> wrote:
On 05/06/2006, at 20:31 PM, Nguyen TV wrote:
There is one problem with this approach -- it requires the user to give their
password to your server. A better approach might be having your server send
a one-use token to that user via XMPP, and having them enter that. Then you
can prove they own the JID without them having to sacrifice their password.
Trejkaz, can you explain more about that approach? I have found this article which is about x google token. Is that what you mean??
http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token-and-why-it-matters/
Google's is certainly one way. Another is a documented JEP:
http://www.jabber.org/jeps/jep-0070.html
TX
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20060606/e66684cb/attachment-0002.htm>
More information about the JDev
mailing list