Link to blogpost about client cert auth

docs/source/configuration.rst

@@ -56,6 +56,11 @@ That's because this setting is intended to be used when you are using
 SASL-EXTERNAL as authentication mechanism, in which case a password is usually
 not required.
 
+SASL-EXTERNAL is generally used together with x509 client certificates to
+enable passwordless login or 2-factor authentication.
+
+For more details on this, `read this blog post <https://opkode.com/blog/strophe_converse_sasl_external/>`_.
+
 anonymous
 ~~~~~~~~~
 

docs/source/features.rst

@@ -96,3 +96,12 @@ Here are the different commands that may be used in a chat room:
 +------------+----------------------------------------------------------------------------------------------+---------------------------------------------------------------+
 | **voice**  | Allow a muted user to post messages to the room.                                             | /voice $nickname [$reason]                                    |
 +------------+----------------------------------------------------------------------------------------------+---------------------------------------------------------------+
+
+Passwordless login with client certificates
+===========================================
+
+Converse.js supports the SASL-EXTERNAL authentication mechanism, which can be
+used together with x509 client certificates to enable passwordless login or
+even 2-factor authentication.
+
+For more info, `read this blog post <https://opkode.com/blog/strophe_converse_sasl_external/>`_.