Can you share what the actual request looks like on the wire? How are you passing the Kerberos authentication in the request? What do you set the grant type to?
EHL

> -----Original Message-----
> From: Brian Eaton [mailto:[email protected]]
> Sent: Wednesday, January 26, 2011 2:02 PM
> To: Eran Hammer-Lahav
> Cc: Torsten Lodderstedt; OAuth WG
> Subject: Re: [OAUTH-WG] How to integrated DIGEST or SPNEGO with tokensendpoint?
>
> On Wed, Jan 26, 2011 at 9:07 AM, Eran Hammer-Lahav
> <[email protected]> wrote:
> > Can you share an actual example of how you are authenticating *both* the
> > resource owner and client in a single request?
>
> That's not a business requirement.
>
> So the desired flow goes like this:
>
> kerberos (or other magic sauce) authentication -> access token
>
> not like this:
>
> client authentication + kerberos authentication -> access token
>
> and definitely not like this:
>
> client authentication + kerberos authentication -> refresh token
>
> If we did see a need to authenticate the client, we would use the same
> mechanisms as normal: client_id and client_secret, or else client_assertion.
>
> (Curious to know if other people looking at these problems break it down the
> same way.)
>
> Cheers,
> Brian
