Irenes (many)so we feel like we might want to go to the trouble of drafting an OAUTHDEVICE SASL method and proposing it to the IETF
OAUTHBEARER is very nice for what it is but the world is more than just the web
walnut 🌱@ireneista
Not sure if this is relevant, but there is OAUTHBEARER SASL
www.rfc-editor.org/info/rfc7628
Not sure if this is relevant, but there is OAUTHBEARER SASL
www.rfc-editor.org/info/rfc7628
@ireneista
Ah, you're already aware
Ah, you're already aware
@ireneista
(from the other thread)
it can in principle be used by something that sits in front of a SASL service and handles the user interaction and takes temporary possession of the resulting token, but we're not aware of anything that actually does thatI don't think I fully understand, but this might be one of these
An OAuth2/OpenID Connect (OIDC) Authorization Server on top of Prosody’s usual internal authentication backend.
modules.prosody.im/mod_http_oauth2
Uses SASL PLAIN for Prosody to get the username and password, and then pass it along to the OAuth2 service
modules.prosody.im/mod_auth_oauth_external
(from the other thread)
it can in principle be used by something that sits in front of a SASL service and handles the user interaction and takes temporary possession of the resulting token, but we're not aware of anything that actually does thatI don't think I fully understand, but this might be one of these
An OAuth2/OpenID Connect (OIDC) Authorization Server on top of Prosody’s usual internal authentication backend.
modules.prosody.im/mod_http_oauth2
Uses SASL PLAIN for Prosody to get the username and password, and then pass it along to the OAuth2 service
modules.prosody.im/mod_auth_oauth_external
@ireneista
Neither are probably useful to you, I just thought it might be interesting to know that there's at least someone using SASL PLAIN to 'mitm' the credentials and pass them along to the OAuth service
Neither are probably useful to you, I just thought it might be interesting to know that there's at least someone using SASL PLAIN to 'mitm' the credentials and pass them along to the OAuth service
@walnut it's nice to know, yeah