(from the other thread)
it can in principle be used by something that sits in front of a SASL service and handles the user interaction and takes temporary possession of the resulting token, but we're not aware of anything that actually does that

I don't think I fully understand, but this might be one of these
An OAuth2/OpenID Connect (OIDC) Authorization Server on top of Prosody’s usual internal authentication backend.
modules.prosody.im/mod_http_oauth2
Uses SASL PLAIN for Prosody to get the username and password, and then passes them along to the OAuth2 service.
modules.prosody.im/mod_auth_oauth_external