[Standards] XMPP OAuth2 login at Google

Peter Saint-Andre stpeter at stpeter.im
Tue Sep 18 17:51:58 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/18/12 11:25 AM, Hannes Tschofenig wrote:
> On 09/18/2012 08:21 PM, Peter Saint-Andre wrote:
>>> (Btw, the current XMPP OAuth XEP is also insecure...)
>> Calling it "current" is a bit of a stretch.:)  It was deferred
>> for inactivity quite some time ago. At this point, any use of
>> OAuth in XMPP would likely be based on the SASL mechanism.
> 
> I didn't know.

Well, Hannes, you can't know everything. ;-)

> I even thought that it covered an entirely different use case,
> namely between two endpoints rather than between the end host and
> the XMPP server (whatever the right XMPP terminology here is).

True, but it seems that few people are interested in those use cases
(e.g., using OAuth for authorization to join a chatroom).

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBYtL0ACgkQNL8k5A2w/vwsSgCgna6QzPj8HywVJ2STlxLvoIN9
uLcAoIm2NsnpY78r2AyGA8A8Ppfek5+k
=wNlR
-----END PGP SIGNATURE-----



More information about the Standards mailing list