> The MySQL case is harder because OAuth assumes HTTP requests. I know > some folks were thinking about XMPP+OAuth, anybody know what the > conclusions were?
Yup, we cleaned up XEP-0235 (http://xmpp.org/extensions/xep-0235.html) and it's in use within Fire Eagle. The OAuth library for Ruby (http://github.com/mojodna/oauth, `gem install oauth`) includes a command-line application that will generate signatures, HTTP headers, and XMPP stanzas in order to ease development (as well as providing a way to initiate the authorization flow). Switchboard (http://github.com/mojodna/switchboard), my command-line tool for interacting with XMPP servers, supports OAuth-signed requests as well. The upshot (relevant for anything w/ a username/password combo) is that we can re-use the existing authorization flow (over HTTP) to obtain access tokens. Once tokens have been obtained, it's up to the application / protocol in question to define a means of using them. At its most basic, that could mean using access tokens / secrets as alternatives to usernames and passwords, but it could also mean defining a protocol-specific signing mechanism (as XEP-0235 does). seth --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
