[jdev] Question about XMPP authentication

Trejkaz trejkaz at trypticon.org
Tue Jun 6 01:28:14 CDT 2006


On 05/06/2006, at 20:31 PM, Nguyen TV wrote:

> There is one problem with this approach -- it requires the user to  
> give their
> password to your server.  A better approach might be having your  
> server send
> a one-use token to that user via XMPP, and having them enter that.   
> Then you
> can prove they own the JID without them having to sacrifice their  
> password.
>
> Trejkaz, can you explain more about that approach? I have found  
> this article which is about x google token. Is that what you mean??
> http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token- 
> and-why-it-matters/

Google's is certainly one way.  Another is a documented JEP:

http://www.jabber.org/jeps/jep-0070.html

TX

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060606/af082f4a/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060606/af082f4a/attachment-0002.pgp>


More information about the JDev mailing list