[Standards] XMPP OAuth2 login at Google

Randy Turner rturner at amalfisystems.com
Mon Sep 17 19:10:20 UTC 2012

PLAIN is going to be deprecated, even though TLS is pretty much ubiquitous?

RandyRalph Meijer <ralphm at ik.nu> wrote:On 2012-09-13 19:20, Peter Saint-Andre wrote:
> Hash: SHA1
> On 9/11/12 4:24 PM, Lance Stout wrote:
>> It's a bit annoying that they add an extra attribute to the <auth
>> /> element, because it adds a special case to check in what would
>> ideally be a fully generic implementation. Fortunately, it doesn't
>> seem to be required for now.
> Namespaced attributes can also be problematic, and as an author of RFC
> 6648 I really don't like the name "X-OAUTH2".
> One hopes that they might eventually migrate to the standardized
> mechanism being defined at the IETF:
> http://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/

In this light, the fact that X-GOOGLE-TOKEN and PLAIN will be deprecated 
soonish [1] is very interesting. I'd hope we can convince them to do 
this the standard way before clients have to implement their botched 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20120917/82a5cd35/attachment.html>

More information about the Standards mailing list