[Standards] XMPP OAuth2 login at Google

Ralph Meijer ralphm at ik.nu
Mon Sep 17 18:40:51 UTC 2012


On 2012-09-13 19:20, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 9/11/12 4:24 PM, Lance Stout wrote:
>> It's a bit annoying that they add an extra attribute to the <auth
>> /> element, because it adds a special case to check in what would
>> ideally be a fully generic implementation. Fortunately, it doesn't
>> seem to be required for now.
>
> Namespaced attributes can also be problematic, and as an author of RFC
> 6648 I really don't like the name "X-OAUTH2".
>
> One hopes that they might eventually migrate to the standardized
> mechanism being defined at the IETF:
>
> http://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/

In this light, the fact that X-GOOGLE-TOKEN and PLAIN will be deprecated 
soonish [1] is very interesting. I'd hope we can convince them to do 
this the standard way before clients have to implement their botched 
version.

[1] 
<http://googledevelopers.blogspot.nl/2012/09/adding-oauth-20-support-for-imapsmtp.html>

-- 
ralphm



More information about the Standards mailing list