
Password-less authentication with XMPP - goffi
https://blog.agayon.be/xmpp_auth_django_demo.html#sf-xmpp_auth_django_demo-1-back
======
JepZ
At first I found it a little awkward, but after trying it, I think it works
very well (e.g. much better than email due to instant nature of XMPP). I just
don't know how vulnerable this extension is to spam.

------
rendx
I really like this! Too bad XMPP didn't become more popular, and unfortunately
it feels like it is slowly dying rather than getting more widespread. Like any
other open protocol.

For some reason it didn't work the first time I tried, the website just waited
forever even though I confirmed the token. The second try worked fine, using
Pidgin, with manual confirmation.

------
JepZ
I was wondering what this could be good for, but then I noticed that sharing
my XMPP account password with some strange website would be a bad idea.
Instead giving them session based access to my account could be acceptable.

I am curious what the author is planning to build on top of that.

~~~
Shoothe
You are only giving the site your JID (username) not password and it verifies
that you control the JID so you really are jepz@example.com

~~~
Zash
Indeed, it should be comparable to authentication by token or link sent via
email.

------
stuaxo
Great, does Empathy on GNOME support this?

Also Pigeon ?

Two quite big players in the open source world.

~~~
Shoothe
It transparently uses messages if a messanger does not implement the XEP so
anything supports it. Just without the fancy UI.

------
rekoros
But Matrix, Matrix!

Everybody should be using Matrix.

~~~
JepZ
Actually, I don't quite like Matrix and mostly just for one reason. While
decentralized communication isn't easy nowadays, they drive the protocol split
that parts the developer community. Now devs have to decide if they want to
build a XMPP or a Matrix product. Before there was just one IM protocol that
was a reasonable solution for that kind of problem.

Yes, XMPP didn't have all the extension required to build cool mobile/web apps
back in 2012. But instead of pushing XMPP they decided to invent something
completely new with just the same purpose.

~~~
rekoros
Yeah, bad sarcasm skills on my part

