[jdev] OAuth equivalent for XMPP?
Simon Tennant (buddycloud)
simon at buddycloud.com
Sat Dec 11 04:31:02 CST 2010
Recently I have been working with different developers who are trying
to build bosh-based buddycloud-channels into their own websites.
The problem is:
A user needs to log into a website using their jid. A third-party
website (eg: channels.example.com) asking for your jid and password
(joe at gmail.com) should scare any sensible user and worry xmpp operators
that $RANDOMWEBSITE is asking for their users' credentials.
Additionally, we also have a problem in that users need to log in
repeatedly to access anything that uses a BOSH connection. While one can
debate the merits of this, users are more familiar with an experience
where they have to reauthenticate infrequently.
So I guess the questions that arise are:
* How do we protect against rogue websites saving your password?
What practices are other xmpp website developers using?
* Is there an OAuth equivalent for XMPP?
* What best practices are websites using to save the user logging in
repeatedly each time the BOSH connection is destroyed (leaving the
page)?
S.
--
Simon Tennant
mobile: +49 17 8545 0880
office: +44 20 7043 6756
office: +49 89 4209 55854
channel:http://buddycloud.com/user/buddycloud.com/simon
xmpp:simon at buddycloud.com
mailto:simon at buddycloud.com