There is a OAuth binding to SASL 
https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 
<https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19>

Google supports it for IMAP/SMTP,  I think the latest iOS and OSX mail client 
updates use it rather than passwords for Google.
I also noticed Outlook on Android using it.

The access token might be a signed or encrypted JWT itself.  I don’t know that 
wrapping it again necessarily helps.

Yes we should have bindings to other non http protocols.  

Is there something specific that you are looking for that is not covered by 
SASL?

John B.



> On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <[email protected]> wrote:
> 
> At the moment we only HTTP binding to transport the access token (please 
> correct me if not)..
> 
> This creates a dependency on the transport.
> 
> How about creating a JWT binding for OAuth 2.0..? We can transport the access 
> token as an encrypted JWT header parameter..?
> 
> 
> Thanks & Regards,
> Prabath
> 
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena 
> <http://www.linkedin.com/in/prabathsiriwardena>
> 
> Mobile : +1 650 625 7950
> 
> http://blog.facilelogin.com <http://blog.facilelogin.com/>
> http://blog.api-security.org 
> <http://blog.api-security.org/>_______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to