Torsten,

The URI represents an end-user at a domain. Through this assertion the provider is able to verify the magic signature and thus confirm user dbounds at host cliqset.com has requested an access token.

References:
http://code.google.com/p/webfinger/wiki/WebFingerProtocol
http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-salmon-00.html
http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html

On Thu, Jul 29, 2010 at 2:40 AM, Torsten Lodderstedt <[email protected]> wrote:

> Darren,
>
> I have got some questions regarding your posting, esp. the assertion.
>>
>> 1) cliqset.com would like to request an access token from google.com.
>> Sends a request with grant_type=assertion.
>>
>> Request:
>> POST /token HTTP/1.1
>> Host: google.com
>> Content-Type: application/x-www-form-urlencoded
>>
>> grant_type=assertion&assertion_type=http://webfinger.org/&
>>
>> assertion=eyJ1cmkiOiAiYWNjdDpkYm91bmRzQGNsaXFzZXQuY29tIiwibWFnaWNfc2lnbmF0dXJlIjogImFzZGxra2xhZnNkamtsZHNmamxraj0ifQ==
>>
>> The assertion value in the request is a Base64 encoded JSON string
>> with two properties, uri and magic_signature. Example:
>>
>> {
>> "uri": "acct:[email protected]",
>> "magic_signature": "asdlkklafsdjkldsfjlkj="
>> }
>>
>>
>
> What is the meaning of the assertion? Does the uri represent an end-user or
> the client?
> How does the assertion represent an authorization, given that you try to
> make end-user authorization via browser redirect an optional step.
>
> regards,
> Torsten,
>
>

--
darren bounds
[email protected]
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
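
As an added example (not code from the thread or from any OAuth draft), this is how a provider could parse the quoted token request and reject malformed assertions before any signature check. The function and class names are hypothetical, and verifying `magic_signature` against the key discovered for the host is deliberately left out, so the result must be treated as unverified.

```python
import base64
import json
from urllib.parse import parse_qs

# Values taken from the request quoted in the thread.
ASSERTION_TYPE = "http://webfinger.org/"
SAMPLE_BODY = (
    "grant_type=assertion&assertion_type=http://webfinger.org/&"
    "assertion=eyJ1cmkiOiAiYWNjdDpkYm91bmRzQGNsaXFzZXQuY29tIiwibWFnaWNfc2ln"
    "bmF0dXJlIjogImFzZGxra2xhZnNkamtsZHNmamxraj0ifQ=="
)


class InvalidAssertion(ValueError):
    """Raised when the token request must be rejected (hypothetical name)."""


def _single(form, name):
    # Duplicate or missing parameters are rejected rather than guessed at.
    values = form.get(name, [])
    if len(values) != 1:
        raise InvalidAssertion(f"{name} must appear exactly once")
    return values[0]


def parse_unverified_assertion(body):
    """Return user, host and signature from the form body; nothing is verified."""
    form = parse_qs(body)
    if _single(form, "grant_type") != "assertion":
        raise InvalidAssertion("unsupported grant_type")
    if _single(form, "assertion_type") != ASSERTION_TYPE:
        raise InvalidAssertion("unsupported assertion_type")
    encoded = _single(form, "assertion")
    try:
        # validate=True rejects characters outside the Base64 alphabet,
        # including the space that form decoding produces from a raw '+'.
        claims = json.loads(base64.b64decode(encoded, validate=True))
    except ValueError as exc:
        raise InvalidAssertion("assertion is not Base64-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise InvalidAssertion("assertion must be a JSON object")
    uri, sig = claims.get("uri"), claims.get("magic_signature")
    if not (isinstance(uri, str) and isinstance(sig, str) and sig):
        raise InvalidAssertion("uri and magic_signature are required strings")
    scheme, _, account = uri.partition(":")
    user, at, host = account.rpartition("@")
    if scheme != "acct" or not (at and user and host):
        raise InvalidAssertion("uri must have the form acct:user@host")
    # Next step (not implemented here): verify sig with the key for `host`.
    return {"user": user, "host": host.lower(), "magic_signature": sig}
```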
