Thanks John for the pointer - will have look.. I am looking this for a pub/sub scenario.. Having JWT binding would benefit that..
Also - why I want access token to be inside a JWT is - when we send a JSON payload in this case, we already have the JWT envelope and the access token needs to be carried inside.. Thanks & regards, -Prabath On Tue, Apr 14, 2015 at 2:41 PM, John Bradley <[email protected]> wrote: > There is a OAuth binding to SASL > https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 > > Google supports it for IMAP/SMTP, I think the latest iOS and OSX mail > client updates use it rather than passwords for Google. > I also noticed Outlook on Android using it. > > The access token might be a signed or encrypted JWT itself. I don’t know > that wrapping it again necessarily helps. > > Yes we should have bindings to other non http protocols. > > Is there something specific that you are looking for that is not covered > by SASL? > > John B. > > > > On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <[email protected]> wrote: > > At the moment we only HTTP binding to transport the access token (please > correct me if not).. > > This creates a dependency on the transport. > > How about creating a JWT binding for OAuth 2.0..? We can transport the > access token as an encrypted JWT header parameter..? > > > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com > http://blog.api-security.org > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
