[webteam] auth idea
Tobias Markmann
tmarkmann at googlemail.com
Mon Jan 28 14:56:23 CST 2008
On Mon, Jan 28, 2008 at 9:48 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> At the last meeting we talked about website authentication. Here is the
> general idea:
>
> 1. User visits www.jabber.org
>
> 2. There is a special authentication link, like this:
>
> xmpp:auth at jabber.org?message;body=token
>
> Where "auth at jabber.org" is the address for our special "AuthAgent".
>
> 3. User's Jabber client (or browser plugin?) sends XMPP message
> containing token to AuthAgent.
>
> 4. AuthAgent receives XMPP message and passes it to Drupal, probably via
> hook_auth, see:
>
> http://mail.jabber.org/pipermail/webteam/2007-November/000609.html
>
> 5. Drupal reloads page (or some fancier Ajax function happens) and logs
> in the user.
>
> I think this is an accurate summary of the general idea, but correct me
> if I'm wrong. See also this thread for related conversation:
>
> http://mail.jabber.org/pipermail/standards/2008-January/017472.html
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
>
This might work with just with class.jabber.php which connects to a
XMPP server, waits some time (1 minute) for the auth response and the
hook_auth function could. In this case it could be nice to put the
auth token just in the resource of the jid connecting to the XMPP
server.
Tobias
More information about the webteam
mailing list