[Standards] XMPP OAuth2 login at Google

Peter Saint-Andre stpeter at stpeter.im
Thu Sep 13 17:20:39 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/11/12 4:24 PM, Lance Stout wrote:
> It's a bit annoying that they add an extra attribute to the <auth
> /> element, because it adds a special case to check in what would
> ideally be a fully generic implementation. Fortunately, it doesn't
> seem to be required for now.

Namespaced attributes can also be problematic, and as an author of RFC
6648 I really don't like the name "X-OAUTH2".

One hopes that they might eventually migrate to the standardized
mechanism being defined at the IETF:

http://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/

> On Sep 11, 2012, at 3:15 PM, Arc Riley <arcriley at gmail.com 
> <mailto:arcriley at gmail.com>> wrote:
> 
>> FYI, Google recently documented their X-OAUTH2 SASL method;
>> 
>> https://developers.google.com/talk/jep_extensions/oauth
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBSFecACgkQNL8k5A2w/vwWgQCgqNuZg5yCwT7xVJffWZjnhxng
UIAAoLGCazpNi7qnMTsnzNZkFsnKnNLh
=Lb3e
-----END PGP SIGNATURE-----



More information about the Standards mailing list