[jdev] http binding and digest authentication

Adrian Ionut Beschea flashbk2003 at yahoo.com
Tue Jun 6 10:03:01 CDT 2006


Hello, 
  
  I want to connect my IM client to the IM server through http-binding. 
  As stated in the jep 012, I wrap the stanzas with the 'body'  node. 
  Problem is that I receive this iq : 
  
  <body xmlns="http://jabber.org/protocol/httpbind"><iq  xmlns="jabber:client" id="log_user_1" type="result"><query  xmlns="jabber:iq:auth"><username>test</username><password  /><digest  /><sequence>498</sequence><token>4228A8E4</token><resource  /></query></iq></body>
  
   How should I complete the digest field ? 
  I tried looking through the jeps but got lost :)
  
  
  Thanks. 
  
  
Trejkaz <trejkaz at trypticon.org> wrote:  
On 05/06/2006, at 20:31 PM, Nguyen TV wrote:

There is one problem with this approach -- it requires the user to give their
password to your server.  A better approach might be having your server send 
a one-use token to that user via XMPP, and having them enter that.  Then you
can prove they own the JID without them having to sacrifice their password.


 Trejkaz, can you explain more about that approach? I have found this article which is about x google token. Is that what you mean??
 http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token-and-why-it-matters/


Google's is certainly one way.  Another is a documented JEP:


http://www.jabber.org/jeps/jep-0070.html


TX




 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060606/e66684cb/attachment-0002.htm>


More information about the JDev mailing list