[jdev] "Add Account"URI?
Peter Saint-Andre
stpeter at stpeter.im
Thu Nov 3 18:17:13 UTC 2016
On 11/3/16 9:04 AM, Marcel Waldvogel wrote:
> Hi,
>
> we're looking into using XMPP together with (passwordless) single sign
> on mechanisms such as Shibboleth (SAML).
>
> As most (all?) clients only support password authentication, this cannot
> be used directly. Implementing Shibboleth is also not trivial, so it is
> unlikely we can convince a large portion of the developers to do so.
>
> We are therefore looking into creating per-application passwords on a
> web page. To make this easy, it would be nice if applications were to
> supported a URI like xmpp:romeo at montague.net?addaccount;password=Jul13t
> <file://romeo@montague.net?addaccount;password=Jul13t>, as an extension
> to XEP-0147.
>
> This would be much easier to implement and would — for the user — make
> adding an account almost as simple as native SSO support.
>
> What do you think?
Putting passwords in URLs is a bad idea. :-)
Peter
More information about the JDev
mailing list