[IOT] Question: SASL EXTERNAL for client auth

Can anyone speak from experience on using SASL EXTERNAL for c2s connections? E.g. A client authenticating with a certificate rather than a password. Certificates seem more appropriate for managing many IoT cases. I can't find much — or any — information on SASL EXTERNAL support for most of the common servers and client implementations. So has anyone used certificate auth for XMPP clients? I'm particularly interested in the more common open source clients and servers – Smack, OpenFire, ejabberd, Prosody but any first-hand knowledge would be helpful. Thanks in advance. -Thom This email and any information disclosed in connection herewith, whether written or oral, is the property of EnerNOC, Inc. and is intended only for the person or entity to which it is addressed. This email may contain information that is privileged, confidential or otherwise protected from disclosure. Distributing or copying any information contained in this email to anyone other than the intended recipient is strictly prohibited.