There is a OAuth binding to SASL https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 <https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19>
Google supports it for IMAP/SMTP, I think the latest iOS and OSX mail client updates use it rather than passwords for Google. I also noticed Outlook on Android using it. The access token might be a signed or encrypted JWT itself. I don’t know that wrapping it again necessarily helps. Yes we should have bindings to other non http protocols. Is there something specific that you are looking for that is not covered by SASL? John B. > On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <[email protected]> wrote: > > At the moment we only HTTP binding to transport the access token (please > correct me if not).. > > This creates a dependency on the transport. > > How about creating a JWT binding for OAuth 2.0..? We can transport the access > token as an encrypted JWT header parameter..? > > > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > <http://www.linkedin.com/in/prabathsiriwardena> > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com <http://blog.facilelogin.com/> > http://blog.api-security.org > <http://blog.api-security.org/>_______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
