Hi,
I can’t find a way to create an issue for smack, so i write here.
It seems that SCRAM auth is broken as I found with the help of Tigase server staff. Please see the original issue at https://projects.tigase.org/issues/4678. It contains also a link to the test code.
In particular it seems that smack sends the illegal 0x20 space character in the nonce part. See https://tools.ietf.org/html/rfc5802#section-7 for legal characters.
For example:
n,,n=alice,r=D3Nqf7meC 8g'Hey*v>d!}$k5bUjyh<%
When this happens the login with valid credentials fails.