Yes, you would need to implement XEP-235 to do this. Unfortunately, it appears that no one has implemented this in any XMPP server or client, and the standard is officially deferred / not recommended for implementation. I agree that this is a very desirable feature and hope the XMPP community gets moving forward on how to do this again… for now it appears to be stalled.
If there are alternate strategies for implementing a modern web based single sign on with XMPP chat I’d love to hear them. For Oauth you’re basically using a SAML or OpenID authentication to access a form that issues the Oauth token to you, so perhaps it would be possible to make a separate website that integrates with whichever tool and then sets the password in Openfire. Except then you would need to provide for robust revocation, which is a core part of Oauth, so this might not be doable.
For now my users have to maintain a separate userid and password for the chat service because it can’t leverage our enterprise SAML/OpenID implementation. (LDAP isn’t an option, it needs to be a claims based system)