[jdev] Question about XMPP authentication

Trejkaz trejkaz at trypticon.org
Tue Jun 6 01:28:14 CDT 2006

On 05/06/2006, at 20:31 PM, Nguyen TV wrote:

> There is one problem with this approach -- it requires the user to  
> give their
> password to your server.  A better approach might be having your  
> server send
> a one-use token to that user via XMPP, and having them enter that.   
> Then you
> can prove they own the JID without them having to sacrifice their  
> password.
> Trejkaz, can you explain more about that approach? I have found  
> this article which is about x google token. Is that what you mean??
> http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token- 
> and-why-it-matters/

Google's is certainly one way.  Another is a documented JEP:



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060606/af082f4a/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060606/af082f4a/attachment-0002.pgp>

More information about the JDev mailing list