[jdev] Question on login through OAuth

Peter Saint-Andre stpeter at stpeter.im
Sat May 18 16:33:21 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/18/13 8:37 AM, Jonas Wielicki wrote:
> Hi Stefano,
> 
> While there is no XEP explicitly supporting OAuth, there seem to
> be approaches for using OAuth with SASL, which is the default 
> authentication mechanism for XMPP.
> 
> So in principle, it should be possible to use OAuth, without
> hardcoding passwords etc.. However, there is probably no software
> out there yet supporting that. I'd suggest you take some web search
> on how to use OAuth with SASL and maybe implement/contribute to the
> standards which are currently in the making (I found some IETF
> draft for sasl+oauth,

https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/

It's currently in working group last call.

> and some github code by doing a simple web search). You'll probably
> also have to patch server software to support that, and in turn set
> up your own XMPP service for this to work.

Sounds right. Perhaps over time we'll see more XMPP servers, clients,
and libraries supporting it (once it becomes standardized at the IETF).

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRl61RAAoJEOoGpJErxa2pI4cQAJxqL2zu10fDLxz+RBItij5P
+gibGoAlyh8WpuN6NNyxgsw/KHMP0CtpOjJPwvynJ1RGxFhPeI3PPiuNDhHDhqjq
TJhFd87WczxipZ6/N2z4rfpIwF1Qr3BneB+da99C7jky8c19u0tIeOrUwETQKgNE
2ysMEqt/TUkfyaWbW2I04kWbh0Uam27diJUMNhGksWqJRPFzSaBVCiqOz/jucCXc
k+4uEASlcLjbZ9G6GGnZRE+qacBxyb6029YataX/P2OXeYUaVQAWq3jOw0MPWpAp
9XPBENFd4zPH2w9b622RSBbFKIxCo9jxFhC5ABEoQyKSN0bcLPNXc9qXzXdxRiod
bibxwAkeIzBsCtn0Aq0dGyqJy9/Lqx4ydwmJ+97DZljLqdRXhx0hkBG2zbqtquAM
PuwtwVT8NGrA5+iAvlV0/7i0kk2ofvpVSX8uwSpW2NzqbkzkwnW2of9jDOF9OEx0
YxfmyDOmWsrkNz8be1gHgT6cRoXZ9uf5xdme7btFB8ZccnrMiKOHkuAw94UPJsbV
668NstcGjzSN56MWqQ6VggeZTp/exDPpXcpBVB19ShSS/f1JQlvlPq+RJLZfX3g1
w0A3VymRiRmNDs3U5I0RzZ/Lx5zCGrvOk/ADt7EgXsCkcIRsMnQN0dsZe32C3Xfb
pWZJHzUPvEB6j/RrDfkJ
=4nAP
-----END PGP SIGNATURE-----

More information about the JDev mailing list