[jdev] oAuth equivalent for for XMPP?
jonathan at dickinsons.co.za
Mon Dec 13 03:20:07 CST 2010
?(Sorry for top-reply, live.com has problems with signed emails)
It's quite possible to XMPP-ize OAuth. Just took a look at the protocol
1. printer.example.com advertises OAuth feature (http://oauth.net/:o-auth).
2. Client selects O-AUTH and provides server/URL in a SASL-like payload
3. printer.example.com does a GET against the URL and looks for a META tag
("urn:tmp:xmpp") that contains the target XMPP server
(xmpp.tcp.photos.example.com; or photos.example.com:5252).
3.1. If the META tag is not found, printer.example.com probably comes back
3.2. It might even be a good idea to send a hint along in the GET request
(ACCEPT: text/html; text/html+xmpp) so that the server only sends back the
HTML and META tags.
4. printer.example.com contacts photos.example.com:5252 and requests
5. photos.example.com sets up E2E encryption with client.
6. The request is authorized over this channel (using XEP0004).
7. photos.example.com informs printer.example.com of success.
I don't know if a XEP for (3) exists; at any rate it is immensely useful for
XMPP-izing protocols like OAuth (heck, we could even get OpenID to work the
same way as this).
From: "Jonathan Schleifer" <js-jdev at webkeks.org>
Sent: Sunday, December 12, 2010 2:19 PM
To: "Jabber/XMPP software development list" <jdev at jabber.org>
Subject: Re: [jdev] oAuth equivalent for for XMPP?
> JDev mailing list
> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
More information about the JDev