I have a draft I'm about to publish after our recent discussions. One of the changes is adding an appendix that lists out a bunch of existing OAuth extensions, and the device grant is in there. I also replaced the "Extension Grants" example in section 4.3 ( https://tools.ietf.org/html/draft-parecki-oauth-v2-1-02#section-4.3) with the device grant since that is deployed far wider than the SAML Assertion grant that was in that example in RFC6749. This will be published as version -03 in the next few days. Do you think that would be enough?
Aaron Parecki On Tue, May 12, 2020 at 2:39 PM Phillip Hunt <[email protected]> wrote: > One of the use cases brought up in the ROPC thread mentioned that redirect > was hard to do in some cases (like IoT). This reminded me of RFC8628, the > OAuth Device Authorization Grant. I mention it because for *some* of the > cases who say redirection is hard may be able to use the Device Authz Grant. > > Would it be worth including a section in OAuth 2.1 referencing RFC8628 or, > possibly incorporating it? > > Phil Hunt > @independentid > [email protected] > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
