Hi Dick,

On 19.07.2018 at 15:46, Dick Hardt <dick.ha...@gmail.com> wrote:

>> I think any scenario with multiple resource servers relying on the same AS
>> for authorization where the client acts on behalf of the resource owner
>> qualifies for grant type code and distributed OAuth.
>>
>> Let’s assume a user wants to authorize a client for access to her cloud
>> storage, email account and contacts when setting up the respective app.
>
> Would you walk me through the user experience that happened for the client to
> do discovery on these three resources? In other words, what did the user do
> to get the client to call the resource and get back the 401 response?

I would assume the user enters the URLs or identifies the respective service providers in the app (e.g. by entering her email address). The client then sends an initial request as described in your draft and gets back the 401. Doing so for several resources will give the client the AS URL for all involved resources. If the client compares the iss claims it will figure out all resources are protected by the same AS and can authorize access via a single authz code grant flow.

kind regards,
Torsten.
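The discover-then-compare flow described above, as an added Python example (not code from this thread or from the distributed OAuth draft): each constructed 401 challenge is parsed, the AS reference is checked and normalized, the resources are grouped by AS, and one authorization code request is built per AS covering all of its resources. The parameter names as_uri and resource_uri, the /authorize endpoint path and the use of the resource indicator parameter are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlencode, urlparse

# Constructed 401 challenges (WWW-Authenticate values) returned to the client's
# initial unauthenticated request; as_uri/resource_uri names are assumptions.
SAMPLE_401S = {
    "https://storage.example.com/files": 'Bearer realm="storage", '
        'as_uri="https://as.example.com", resource_uri="https://storage.example.com/files"',
    "https://mail.example.com/inbox": 'Bearer realm="mail", error="invalid_token", '
        'as_uri="https://as.example.com/", resource_uri="https://mail.example.com/inbox"',
    "https://contacts.example.com/v1": 'Bearer as_uri="https://as.example.com", '
        'resource_uri="https://contacts.example.com/v1"',
}
PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_www_authenticate(header):
    """Split a Bearer challenge into its auth-params; reject other schemes."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"unsupported challenge scheme: {scheme}")
    return dict(PARAM_RE.findall(params))

def discover_as(header):
    """Return the normalized AS URL from a challenge; accept https only, since a
    plaintext AS reference could be swapped on the path for an attacker's AS."""
    as_uri = parse_www_authenticate(header).get("as_uri")
    if not as_uri or urlparse(as_uri).scheme != "https":
        raise ValueError("challenge lacks a usable https as_uri")
    return as_uri.rstrip("/")

def group_by_as(responses):
    """Map each discovered AS to the resources it protects (the iss comparison)."""
    groups = defaultdict(list)
    for resource, header in responses.items():
        groups[discover_as(header)].append(resource)
    return dict(groups)

def authorization_requests(groups, client_id, redirect_uri):
    """One authorization code request per AS, naming every resource it protects.
    Assumes <as_uri>/authorize as the endpoint and the RFC 8707 resource
    indicator parameter; a real client takes both from AS metadata."""
    requests = {}
    for as_uri, resources in groups.items():
        query = [("response_type", "code"), ("client_id", client_id),
                 ("redirect_uri", redirect_uri)] + [("resource", r) for r in resources]
        requests[as_uri] = f"{as_uri}/authorize?{urlencode(query)}"
    return requests
```

With the three constructed challenges all naming the same AS, group_by_as yields a single group and authorization_requests builds exactly one request listing all three resources.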
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth