We have an existing OAuth2 based website. Our plan is to use a web based (XMPP over websockets) chat system.
now this chat system will be available once the user logs in. What we actually do not want is to login twice, once for the web site and once for the chat system. So I figured how to trick it with my own auth provider and a custom username/password. So basically the question is how do I have an object that I want to travel along with the user chat session so that I can provide out of band processing. Does the session management allow this?