[jdev] "Add Account"URI?

Peter Saint-Andre stpeter at stpeter.im
Thu Nov 3 18:17:13 UTC 2016

On 11/3/16 9:04 AM, Marcel Waldvogel wrote:
> Hi,
> we're looking into using XMPP together with (passwordless) single sign
> on mechanisms such as Shibboleth (SAML).
> As most (all?) clients only support password authentication, this cannot
> be used directly. Implementing Shibboleth is also not trivial, so it is
> unlikely we can convince a large portion of the developers to do so.
> We are therefore looking into creating per-application passwords on a
> web page. To make this easy, it would be nice if applications were to
> supported a URI like xmpp:romeo at montague.net?addaccount;password=Jul13t
> <file://romeo@montague.net?addaccount;password=Jul13t>, as an extension
> to XEP-0147.
> This would be much easier to implement and would — for the user — make
> adding an account almost as simple as native SSO support.
> What do you think?

Putting passwords in URLs is a bad idea. :-)


More information about the JDev mailing list