[Standards] XMPP OAuth2 login at Google
rturner at amalfisystems.com
Mon Sep 17 19:10:20 UTC 2012
PLAIN is going to be deprecated, even though TLS is pretty much ubiquitous?
RandyRalph Meijer <ralphm at ik.nu> wrote:On 2012-09-13 19:20, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 9/11/12 4:24 PM, Lance Stout wrote:
>> It's a bit annoying that they add an extra attribute to the <auth
>> /> element, because it adds a special case to check in what would
>> ideally be a fully generic implementation. Fortunately, it doesn't
>> seem to be required for now.
> Namespaced attributes can also be problematic, and as an author of RFC
> 6648 I really don't like the name "X-OAUTH2".
> One hopes that they might eventually migrate to the standardized
> mechanism being defined at the IETF:
In this light, the fact that X-GOOGLE-TOKEN and PLAIN will be deprecated
soonish  is very interesting. I'd hope we can convince them to do
this the standard way before clients have to implement their botched
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards