Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-17 Thread Johann Nallathamby
Hi Dimuthu/Ishara,

On Thu, Nov 17, 2016 at 2:40 PM, Dimuthu Leelarathne wrote:
> Hi All,
>
> In the OAuth handshake, do we also communicate about the access token
> profile? In that case it can be one of the profiles we support.
>
Yes. In the OAuth2 access token response there is a field which

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-17 Thread Dimuthu Leelarathne
Hi All,

In the OAuth handshake, do we also communicate about the access token profile? In that case it can be one of the profiles we support.

thanks,
Dimuthu

On Wed, Nov 16, 2016 at 4:54 PM, Ishara Karunarathna wrote:
> Hi Johan,
>
> Do we need to implement this as additional security for Oau

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-16 Thread Ishara Karunarathna
Hi Johan,

Do we need to implement this as additional security for OAuth? Instead, shall we implement this as a different authentication mechanism that we support?

-Ishara

On Wed, Nov 16, 2016 at 2:37 PM, Johann Nallathamby wrote:
>
>
> On Wed, Nov 16, 2016 at 2:26 PM, Sanjeewa Malalgoda wr

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-16 Thread Johann Nallathamby
On Wed, Nov 16, 2016 at 2:26 PM, Sanjeewa Malalgoda wrote:
> @Johan
>
> On Wed, Nov 16, 2016 at 4:13 AM, Johann Nallathamby
> wrote:
>
>> Hi Nuwan/Sanjeewa,
>>
>>
>> On Wed, Nov 9, 2016 at 9:51 AM, Sanjeewa Malalgoda
>> wrote:
>>
>>> Hi Johan,
>>> In that HOTP solution are we sending both beare

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-16 Thread Sanjeewa Malalgoda
@Johan

On Wed, Nov 16, 2016 at 4:13 AM, Johann Nallathamby wrote:
> Hi Nuwan/Sanjeewa,
>
>
> On Wed, Nov 9, 2016 at 9:51 AM, Sanjeewa Malalgoda
> wrote:
>
>> Hi Johan,
>> In that HOTP solution are we sending both bearer token and HOTP from
>> client side? How this counter update should work if

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-15 Thread Johann Nallathamby
Hi Nuwan/Sanjeewa,

On Wed, Nov 9, 2016 at 9:51 AM, Sanjeewa Malalgoda wrote:
> Hi Johan,
> In that HOTP solution are we sending both bearer token and HOTP from
> client side? How this counter update should work if validation information
> cached and introspection call do not happen always?
> An

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-08 Thread Sanjeewa Malalgoda
Hi Johan,

In that HOTP solution, are we sending both the bearer token and the HOTP from the client side? How should this counter update work if validation information is cached and the introspection call does not always happen? And the other question is: isn't that the same as having a shorter-lifespan token with a long-lived refresh

Re: [Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-07 Thread Nuwan Dias
On Thu, Nov 3, 2016 at 11:58 AM, Johann Nallathamby wrote:
> Recently have been seeing many users who are concerned about bearer token
> security in OAuth2. Although OAuth2 mandates to use TLS between the client
> and the resource server which makes it almost impossible to eavesdrop on
> the toke

[Architecture] Adding HMAC-based OTP (HOTP) to OAuth2 Security

2016-11-02 Thread Johann Nallathamby
Recently I have been seeing many users who are concerned about bearer token security in OAuth2. Although OAuth2 mandates the use of TLS between the client and the resource server, which makes it almost impossible to eavesdrop on the token while in transit, some people are still very sceptical about TLS, I