Thu, 14 Feb 2019 at 17:09, Ivan Vučica <[email protected]>:
> An advantage is that OAuth2 tokens are scoped. Such a token could in
> future be scoped for XMPP or for subsets of XMPP operations — or even for
> other services. Because of the split between short lived access and refresh
> token, revocation becomes an easy webui operation.
>
> And because login happens through a web UI, 2FA for first login becomes
> easy and not (necessarily) dependent on the client UI.
>

I'm strongly against addressing an XMPP problem by means of other protocols. Besides obvious complications in situations where one protocol is blocked and not the other.

Also, if you imply that you can easily assure the user that you're not trying to steal the user's password, that is just plain wrong. While a user in a real browser can check the browser window URL and, trusting his browser, be sure that he's trying to log in to an authentic website, native apps can just open a webview window and the user won't see if it's an authentic website or a phishing proxy.

--
Andrey Nenakhov
Director, Redsolution LLC (Chelyabinsk)
(351) 750-50-04
http://www.redsolution.ru
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
