More detail on the scenario would help. On Fri, Nov 9, 2018 at 2:04 AM Omer Levi Hevroni <[email protected]> wrote:
> Yes, that is correct. > I'm sorry the confusion, I think this confusion is built into > oauth framework itself. > You understood well the scenario - I have an application running on an > untrusted device in an untrusted network. I looked for a way to > authenticate the requests from the device to AS. > Does it make more sense now? > > On Thu, Nov 8, 2018 at 12:42 PM Dick Hardt <[email protected]> wrote: > >> Omar >> >> As promised, I have reviewed the ID[1] you posted. I'm confused in the >> Motivation by the references to authentication, as OAuth is about >> authorization. >> >> Perhaps you can post to the list the use case you are trying to solve >> for? I can infer aspects, but don't fully understand it. >> >> From what I can understand though, there is software running in a trusted >> device that would like to get an access token, and an OTP is part of how >> the device is authenticating to the AS. This seems like a 2 legged OAuth >> flow as there is no user involved directly, and it seems you have a means >> for the client to authenticate to the AS using an OTP. Am I guessing >> correctly? >> >> /Dick >> >> [1] >> https://datatracker.ietf.org/doc/draft-hevroni-oauth-seamless-flow/?include_text=1 >> >> >>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
