[jdev] OAuth and XMPP

Sylvain Hellegouarch sh at defuze.org
Mon Jul 28 11:56:46 CDT 2008

Peter Saint-Andre a écrit :
> Sylvain Hellegouarch wrote:
>> Peter Saint-Andre a écrit :
>>> Sylvain Hellegouarch wrote:
>>>> Hi all,
>>>> Following Peter last blog note [1] and XEP-0235, I'm pleased there is a
>>>> formal definition on how to couple OAuth with XMPP but I'm somewhat
>>>> disconcerted by the fact that the definition is per XMPP service. Why?
>>>> XEP-035 specifies for a few of them (PubSub, MUC and Registration) 
>>>> but I'm
>>>> wondering if that wouldn't have made more sense to define a service 
>>>> on its
>>>> own.
>>> Do you mean that an XMPP server could offer a generalized OAuth 
>>> service for use by things like pubsub components, MUC components, and 
>>> the XMPP server itself?
>> Yes.
> Could you expand a bit on what you mean by that? I don't think XEP-0235 
> (which I'm currently updating to reflect our discussions in Portland) 
> disallows a standalone OAuth service that's used by servers and 
> components, but that model seems to be a bit more sophisticated and 
> complex.
> /psa

Right. I can see it would indeed make it more complex and would prevent 
the solution to be implemented and deployed reasonnably soon.

However I didn't mean your XEP was forbidding a standalone service, 
perhaps a note in that spirit would make it clear that indeed you can 
write such service.

- Sylvain

More information about the JDev mailing list