Authenticating with a server
As we saw earlier, the server's stream setup response advertises a set of mechanisms by which the client can authenticate using SASL. SASL is a framework rather than a single method: in theory, any authentication mechanism implemented against the SASL standard can be offered through it.
Currently, you are most likely to see the PLAIN or DIGEST-MD5 mechanisms being advertised, but several others are becoming more popular as security awareness improves (for example, SCRAM-SHA-1). Some servers will even allow users to authenticate anonymously by advertising the ANONYMOUS mechanism.
Recall that the last portion of a fully formed JID is the resource. Once authentication has completed, the client attempts to bind its connection to that resource. The client may request a specific resource (for example, DeLorean), although the server may override it, or a randomly generated resource may be supplied instead.
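As an added example (not code from the original text), the following Python shows the client-side decisions this section describes: reading the advertised mechanisms from a stream features element, choosing the strongest acceptable one, and building the resource-binding request. The preference order, the rule that PLAIN is only acceptable over TLS, and the SAMPLE_FEATURES stanza are this example's own assumptions; the namespaces are the standard XMPP SASL and bind namespaces.

```python
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"

# Assumed client policy, strongest first. ANONYMOUS is last: it grants no
# identity and is only taken when the caller explicitly asks for it.
PREFERENCE = ["SCRAM-SHA-1", "DIGEST-MD5", "PLAIN", "ANONYMOUS"]

def advertised_mechanisms(features_xml):
    """Return the SASL mechanism names listed in a <stream:features> element."""
    root = ET.fromstring(features_xml)
    return [m.text.strip() for m in root.iter("{%s}mechanism" % SASL_NS) if m.text]

def choose_mechanism(mechanisms, tls_active, allow_anonymous=False):
    """Pick the strongest mutually supported mechanism, or None if nothing is acceptable.

    PLAIN transmits the password itself, so this policy only accepts it once TLS is active.
    """
    offered = set(mechanisms)
    for mech in PREFERENCE:
        if mech not in offered:
            continue
        if mech == "PLAIN" and not tls_active:
            continue
        if mech == "ANONYMOUS" and not allow_anonymous:
            continue
        return mech
    return None

def bind_request(resource=None, request_id="bind_1"):
    """Build the resource-binding IQ sent after authentication.

    Omitting <resource/> asks the server to generate one; a requested
    resource may still be overridden by the server.
    """
    iq = ET.Element("iq", type="set", id=request_id)
    bind = ET.SubElement(iq, "bind", xmlns=BIND_NS)
    if resource:
        ET.SubElement(bind, "resource").text = resource
    return ET.tostring(iq, encoding="unicode")

# Constructed sample of a server's feature advertisement (not a real capture).
SAMPLE_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>ANONYMOUS</mechanism>
  </mechanisms>
</stream:features>"""

if __name__ == "__main__":
    mechs = advertised_mechanisms(SAMPLE_FEATURES)
    print("offered:", mechs)
    print("chosen before TLS:", choose_mechanism(mechs, tls_active=False))
    print(bind_request("DeLorean"))
```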