Warren,

Please, start a separate thread for this issue.

Regards,
 Rifaat


On Wed, Jul 15, 2020 at 2:57 PM Warren Parad <wpa...@rhosys.ch> wrote:

> I only recently joined this WG DL, so maybe this was already discussed, but
> I have two things I'm confused/curious about:
>
> 1. Can we avoid using (1, 2, 3) on the left side of the diagram to
> describe, I'm not even sure what they are supposed to represent, not to
> mention the RO in the diagram doesn't really provide value (for me)
> relevant to the code grant flow. It's confusing to see these numerical
> identifiers twice in the same picture. But maybe there is something hidden
> in this that I'm missing, still 3a and 3b could be used to identify
> different legs of the same code path.
>
> 2. It seems recently more and more common to pass the access_token to some
> RS via a cookie, yet 7.2.1 says it defines two methods. I think we need
> some RFC2119
> <https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html#RFC2119> keywords
> here, to suggest that either SHOULD use one of these two, or MUST. And then
> optionally state whether or not we recommend or reject the use of cookies
> as a place for access tokens. It's also possible that the language threw me
> off, because would an access token in a cookie be a bearer token, but no
> matter, if I'm having this thought, then surely others have it as well,
> right?
>
>
> *Warren Parad*
> Secure your user data and complete your authorization architecture.
> Implement Authress <https://bit.ly/37SSO1p>.
> <https://rhosys.ch>
>
>
> On Wed, Jul 15, 2020 at 7:55 PM Dick Hardt <dick.ha...@gmail.com> wrote:
>
>> +1
>>
>> On Wed, Jul 15, 2020 at 10:42 AM Rifaat Shekh-Yusef <
>> rifaat.s.i...@gmail.com> wrote:
>>
>>> All,
>>>
>>> This is a *call for adoption* for the following *OAuth 2.1* document as
>>> a WG document:
>>> https://www.ietf.org/id/draft-parecki-oauth-v2-1-03.html
>>>
>>> Please, provide your feedback on the mailing list by *July 29th.*
>>>
>>> Regards,
>>>  Rifaat & Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>
