I only recently joined this WG DL, so maybe this was already discussed, but I
have two things I'm confused/curious about:

1. Can we avoid using (1, 2, 3) on the left side of the diagram to
describe... I'm not even sure what they are supposed to represent, not to
mention that the RO in the diagram doesn't really provide value (for me)
relevant to the code grant flow. It's confusing to see these numerical
identifiers twice in the same picture. But maybe there is something hidden
in this that I'm missing; still, 3a and 3b could be used to identify
different legs of the same code path.

2. It seems recently more and more common to pass the access_token to some
RS via a cookie, yet 7.2.1 says it defines two methods. I think we need
some RFC2119
<https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html#RFC2119> keywords
here, to suggest that either SHOULD use one of these two, or MUST. And then
optionally state whether or not we recommend or reject the use of cookies
as a place for access tokens. It's also possible that the language threw me
off, because would an access token in a cookie be a bearer token? But no
matter, if I'm having this thought, then surely others have it as well,
right?



*Warren Parad*
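As an added illustration of point 2 (example code written for this page, not from the draft, the WG, or anyone on this thread): the two methods that section 7.2.1 of draft-parecki-oauth-v2-1-03 carries over from RFC 6750 are the Authorization request header with the Bearer scheme and the form-encoded body parameter access_token; the URI query parameter from RFC 6750 is gone. A resource server that implements exactly those two methods never looks at the Cookie header, which is the gap the question above is pointing at. The function name, the request dictionaries and the sample token value are my own constructions.

```python
"""Extract a bearer access token from an HTTP request using only the two
methods kept in OAuth 2.1 draft section 7.2.1 (Authorization header with the
Bearer scheme, and form-encoded body parameter). Added example; the function
and the sample requests below are constructed for illustration."""
from typing import Dict, Optional
from urllib.parse import parse_qs


def bearer_from_request(method: str, headers: Dict[str, str], body: str) -> Optional[str]:
    """Return the access token, or None if the request carries none in a
    way the draft defines.

    Header names are matched case-insensitively. The Cookie header is
    deliberately never consulted: a token that only rides in a cookie is
    outside both defined methods, and it would also be attached
    automatically to cross-site requests unless SameSite/CSRF defences
    are in place, which the bearer token rules do not assume.
    """
    hdrs = {name.lower(): value for name, value in headers.items()}

    # Method 1: Authorization request header field, "Bearer" scheme.
    auth = hdrs.get("authorization")
    if auth is not None:
        scheme, _, credentials = auth.strip().partition(" ")
        if scheme.lower() == "bearer" and credentials.strip():
            return credentials.strip()
        # A different scheme (e.g. Basic) is not a bearer token; do not
        # fall through and accept a body parameter instead.
        return None

    # Method 2: form-encoded body parameter. RFC 6750 section 2.2 (which
    # the draft mirrors) requires the request body to be
    # application/x-www-form-urlencoded and the HTTP method to be one
    # that has defined semantics for a body, so GET is excluded.
    content_type = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() != "GET" and content_type == "application/x-www-form-urlencoded":
        params = parse_qs(body, keep_blank_values=False)
        tokens = params.get("access_token")
        if tokens and len(tokens) == 1:
            return tokens[0]

    # Anything else, including a token only present in a Cookie header,
    # is treated as "no access token presented".
    return None


# Constructed sample requests; the token value is the one used as an
# example in RFC 6750 and has no meaning here beyond that.
SAMPLE_TOKEN = "mF_9.B5f-4.1JqM"
SAMPLE_REQUESTS = {
    "header": ("GET", {"Authorization": "Bearer " + SAMPLE_TOKEN}, ""),
    "form_body": (
        "POST",
        {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"},
        "access_token=" + SAMPLE_TOKEN + "&scope=read",
    ),
    "cookie_only": ("GET", {"Cookie": "access_token=" + SAMPLE_TOKEN}, ""),
    "form_on_get": (
        "GET",
        {"Content-Type": "application/x-www-form-urlencoded"},
        "access_token=" + SAMPLE_TOKEN,
    ),
    "basic_scheme": ("GET", {"Authorization": "Basic dXNlcjpwYXNz"}, ""),
}


def classify_samples() -> Dict[str, Optional[str]]:
    """Run every constructed sample through bearer_from_request."""
    return {
        name: bearer_from_request(method, headers, body)
        for name, (method, headers, body) in SAMPLE_REQUESTS.items()
    }


if __name__ == "__main__":
    for name, token in classify_samples().items():
        print(f"{name:>13}: {'accepted ' + token if token else 'no bearer token'}")
```

Running it shows that only the "header" and "form_body" requests yield a token; the cookie-only request is indistinguishable from an unauthenticated one, which is exactly why the wording of 7.2.1 matters for implementers who currently accept tokens from cookies.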


On Wed, Jul 15, 2020 at 7:55 PM Dick Hardt <dick.ha...@gmail.com> wrote:

> +1
>
> On Wed, Jul 15, 2020 at 10:42 AM Rifaat Shekh-Yusef <
> rifaat.s.i...@gmail.com> wrote:
>
>> All,
>>
>> This is a *call for adoption* for the following *OAuth 2.1* document as
>> a WG document:
>> https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html
>>
>> Please, provide your feedback on the mailing list by *July 29th.*
>>
>> Regards,
>>  Rifaat & Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>