I've been mostly following the pattern in your XRD-Based OAuth Discovery Sneak Peek, where a client can discover how to interact with an OAuth token service in reaction to the OAuth challenge. What got me second-guessing this was a passing reference to OAuth in the example in XRD version 1.0.
I'm asking now because in the process of simplifying the UMA spec, I need to decide on some of the OAuth discovery mechanisms it will use. Paul On Wed, 2010-02-24 at 19:40 -0700, Eran Hammer-Lahav wrote: > No idea. I am not sure yet what the discovery requirements are. For > example, are clients expected to be familiar with each of the > token-obtaining profiles and just need a single URI for each supported > mechanism? XRD is useful for describing a bunch of links for such > endpoints, but it might just be that the discovery information can be > provided directly in the header. > > Until we know what OAuth 2.0 looks like, we can't really discuss > discovery much. > > Is there a reason why you are asking now? > > EHL > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On > Behalf > > Of Paul C. Bryan > > Sent: Wednesday, February 24, 2010 9:30 AM > > To: [email protected] > > Subject: [OAUTH-WG] OAuth XRD? > > > > This is a message directed mostly at Eran: > > > > Is the OAuth 2.0 discovery mechanism still expected to be via a > "provider" > > attribute in the WWW-Authenticate header, or is host-meta expected > to > > take over? > > > > Paul > > > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
