It can be a JSON payload over JMS or even MQTT.. I have seen some effort to create an MQTT binding for OAuth 2.0 - but then again for each transport we need to have a binding..
But - creating a message level binding would be much better IMHO.. Thanks & regards, -Prabath On Tue, Apr 14, 2015 at 2:55 PM, John Bradley <[email protected]> wrote: > Most of the pub sub things I have seen use HTTP transport. Do you have a > pointer to the protocol? > > On Apr 14, 2015, at 6:48 PM, Prabath Siriwardena <[email protected]> wrote: > > Thanks John for the pointer - will have look.. > > I am looking this for a pub/sub scenario.. Having JWT binding would > benefit that.. > > Also - why I want access token to be inside a JWT is - when we send a JSON > payload in this case, we already have the JWT envelope and the access token > needs to be carried inside.. > > Thanks & regards, > -Prabath > > > > > > On Tue, Apr 14, 2015 at 2:41 PM, John Bradley <[email protected]> wrote: > >> There is a OAuth binding to SASL >> https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 >> >> Google supports it for IMAP/SMTP, I think the latest iOS and OSX mail >> client updates use it rather than passwords for Google. >> I also noticed Outlook on Android using it. >> >> The access token might be a signed or encrypted JWT itself. I don’t know >> that wrapping it again necessarily helps. >> >> Yes we should have bindings to other non http protocols. >> >> Is there something specific that you are looking for that is not covered >> by SASL? >> >> John B. >> >> >> >> On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <[email protected]> >> wrote: >> >> At the moment we only HTTP binding to transport the access token (please >> correct me if not).. >> >> This creates a dependency on the transport. >> >> How about creating a JWT binding for OAuth 2.0..? We can transport the >> access token as an encrypted JWT header parameter..? >> >> >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com > http://blog.api-security.org > > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
