Thanks John for the pointer - will have look..

I am looking this for a pub/sub scenario..  Having JWT binding would
benefit that..

Also - why I want access token to be inside a JWT is - when we send a JSON
payload in this case, we already have the JWT envelope and the access token
needs to be carried inside..

Thanks & regards,
-Prabath





On Tue, Apr 14, 2015 at 2:41 PM, John Bradley <[email protected]> wrote:

> There is a OAuth binding to SASL
> https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19
>
> Google supports it for IMAP/SMTP,  I think the latest iOS and OSX mail
> client updates use it rather than passwords for Google.
> I also noticed Outlook on Android using it.
>
> The access token might be a signed or encrypted JWT itself.  I don’t know
> that wrapping it again necessarily helps.
>
> Yes we should have bindings to other non http protocols.
>
> Is there something specific that you are looking for that is not covered
> by SASL?
>
> John B.
>
>
>
> On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <[email protected]> wrote:
>
> At the moment we only HTTP binding to transport the access token (please
> correct me if not)..
>
> This creates a dependency on the transport.
>
> How about creating a JWT binding for OAuth 2.0..? We can transport the
> access token as an encrypted JWT header parameter..?
>
>
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>  _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>


-- 
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to