Re: [jdev] Question about XMPP authentication

Mon, 05 Jun 2006 23:30:34 -0700


On 05/06/2006, at 20:31 PM, Nguyen TV wrote:

There is one problem with this approach -- it requires the user to give their
password to your server.  A better approach might be having your server send
a one-use token to that user via XMPP, and having them enter that.  Then you
can prove they own the JID without them having to sacrifice their password.

Trejkaz, can you explain more about that approach? I have found this article which is about x google token. Is that what you mean??
http://dystopics.dump.be/2006/02/04/the-mysteries-of-x-google-token-and-why-it-matters/

Google's is certainly one way.  Another is a documented JEP:


TX

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to