Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login with cookie #290

Open
robotnic opened this issue Jan 28, 2015 · 2 comments
Open

Login with cookie #290

robotnic opened this issue Jan 28, 2015 · 2 comments

Comments

@robotnic
Copy link

My client uses xmpp and maybe will also use rest.

How to login?

For xmpp at the moment I need username and password.
To have passwords in cookies is not really state of the art.

After rest login I have a "credentials" cookie and I would like to use this cookie for xmpp login.
Does that kind of auth already exist?

It would be easy to send the sessionid as password.

The implementation should be easy using json_http
https://github.com/scastillo/prosody-mod_auth_json_http

socket.send(
'xmpp.login',
{
"jid": "test@evilprofessor.co.uk",
"password": "sessionid"
}
)

Any suggestions on that?
@imaginator
Copy link
Member

This is an interesting suggestion and something that I've been worried about for a while.

Would you see it as:

  • login with username password
  • get back string
  • write string to cookie
  • use string to reauthenticate

Would any of the oauth2 bits (https://developers.google.com/talk/jep_extensions/oauth) help us here?

@robotnic
Copy link
Author

That looks good.

@robotnic robotnic mentioned this issue Jan 30, 2015
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robotnic @imaginator