What is XOauth and its relationship with OAuth?

Some OpenSocial containers use xoauth_security_token for signing requests, instead of oauth_token and oauth_token_secret.

Is XOauth an alternative to OAuth?(*) Who is behind XOauth and where is the official spec?

Casual Googling only lead me to xoauth.py from google-mail-xoauth-tools project which just states it's a "utilities for XOAUTH authentication".

(*)Aside: it mustn't开发者_StackOverflow be, because the container uses other oauth_xxx parameters alongside the xoauth_xxx ones.

Where did you see the use of xoauth_security_token? I googled it and did not get a single hit.

XOAuth is a SASL authentication mechanism which is based on OAuth signatures. It can be used for SMTP or IMAP authentication for instance. There's also a proposal to make it an IETF standard, as an official SASL mechanism. It is supported by Google and works well with Gmail for SMTP and IMAP access.

For more information how to implement and use it:

http://code.google.com/apis/gmail/oauth/protocol.html

HTH.

XOAUTH is a Microsoft extension to OAuth protocol. http://msdn.microsoft.com/en-us/library/hh745374(v=exchg.80).aspx

Is used e.g. in Exchange + Sharepoint + Lync integration.