[Standards] XMPP OAuth2 login at Google

Justin Karneges justin at affinix.com
Mon Sep 17 19:58:12 UTC 2012

On Monday, September 17, 2012 01:39:46 PM Peter Saint-Andre wrote:
> On 9/17/12 1:36 PM, Ralph Meijer wrote:
> > On 2012-09-17 21:10, Randy Turner wrote:
> >> PLAIN is going to be deprecated, even though TLS is pretty much
> >> ubiquitous?
> > 
> > This has to do with their intent to ban the use of passwords in
> > applications and rely on 2-step verification with OAuth2 bearer
> > tokens.
> Right. Google is deprecating PLAIN for their service (hey, 2-factor is
> good), but PLAIN is not being deprecated for XMPP in general. Yet... ;-)

I guess this is like Windows Live. It would be nice if they'd converge on the 
same SASL mechanism.

It's still a mystery to me how OAuth makes sense outside of a browser though. 
What is a client like Psi supposed to do? Open its own embedded browser? 
Invoke the "default" browser and interact with it to obtain the token? At 
least Windows Live expects login via HTML form. I just assume it would be the 
same with Google.


More information about the Standards mailing list