[jdev] OAuth and XMPP

Peter Saint-Andre stpeter at stpeter.im
Mon Jul 28 16:29:47 CDT 2008


Gaston Dombiak wrote:
> Hey Peter,
> 
> I’m fine with not having those flows explained in the next version of 
> the XEP. However, are we going to explain that tokens need to be 
> validated and that more flows with other Oauth servers will be needed? 
> My knowledge of OAuth went from 0% to 1% in the last weeks so I guess 
> that adding some basic explanation of how things work is going to be 
> useful for implementors that are no OAuth expert.

Yes there will be more examples and flows added to XEP-0235. :)

AFAICS, the basic idea is that your (say) pubsub service would act as an 
OAuth "Service Provider" -- you could ask it for OAuth Request Tokens, 
ask it to verify OAuth Access Tokens, etc.

Or so it seems to me...

/psa


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20080728/e4fcd78d/attachment-0002.bin>


More information about the JDev mailing list