I'm implementing an XMPP client for Google Talk that is using the relatively new X-OAUTH2 mechanism. I had the idea that I shouldn't need to store either username or password for the authentication to the service. However, Google's documentation for the X-OAUTH2 authentication states this is the initial <auth>
request to make:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="X-OAUTH2"
auth:service="oauth2"
xmlns:auth="http://www.google.com/talk/protocol/auth">
base64("\0" + user_name + "\0" + oauth_token)
</auth>
Note that it requires the "user_name" to be sent along with the token. Is there something I'm missing here? Or do I really have to have my application prompt for the username? (Note that the user would already have logged in via OAuth2 to receive the access token)
I don't know of any other service that uses OAuth that requires the client to provide a username. For instance, this same app can connect to Facebook Chat via XMPP and OAuth2 without needing the username to be provided in XMPP.
You don't need to prompt for username in your application. Just specify "SCOPE" parameter as "https://www.googleapis.com/auth/userinfo.email". Refer this. This will give you users email-ID in response along with token.
This Link has detailed explanation about Google Accounts Authentication and Authorization. Username and email-id is returned in getUserInfo() function which you can use in your application.