(GMT-05:00)
To: oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi
We've had a user asserting that OAuth2 == OpenidConnect, referring to
the fact that the 'only' thing OIC adds on top of the authorization code
flow is the client specifying
@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi Justin,
On 13/10/14 12:53, Justin Richer wrote:
You are correct in that OAuth 2 and OpenID Connect are not the same
thing, but your user is correct that OIDC adds a few pieces on
top of
OAuth to add
*Cc:* oauth@ietf.org mailto:oauth@ietf.org
*Subject:* Re: [OAUTH-WG] New Version
Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
If we use the token endpoint then a new
(GMT-05:00)
To: oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi
We've had a user asserting that OAuth2 == OpenidConnect, referring to
the fact that the 'only' thing OIC adds on top of the authorization code
flow is the client
From: Sergey Beryozkin sberyoz...@gmail.com
Date:10/13/2014 9:00 AM (GMT-05:00)
To: Justin Richer jric...@mit.edu, oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi Justin,
On 13/10/14 12:53, Justin Richer wrote:
You are correct
my phone /
Original message
From: Sergey Beryozkin sberyoz...@gmail.com
Date:10/13/2014 6:33 AM (GMT-05:00)
To: oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi
We've had a user asserting
)
To: Justin Richer jric...@mit.edu, oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi Justin,
On 13/10/14 12:53, Justin Richer wrote:
You are correct in that OAuth 2 and OpenID Connect are not the same
thing, but your user is correct
/
Original message
From: Sergey Beryozkin sberyoz...@gmail.com
Date:10/13/2014 9:00 AM (GMT-05:00)
To: Justin Richer jric...@mit.edu, oauth@ietf.org
Cc:
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
Hi Justin,
On 13/10/14 12:53
...@lodderstedt.net
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
If we use the token endpoint then a new grant_type is the best way.
It sort of overloads code, but that is better than messing with
response_type
or
understand the usage.
*From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Brian
Campbell
*Sent:* Thursday, July 24, 2014 6:53 AM
*To:* Nat Sakimura
*Cc:* oauth@ietf.org list
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
I'd note
: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
If we use the token endpoint then a new grant_type is the best way.
It sort of overloads code, but that is better than messing with
response_type for the authorization endpoint to change the response from
: oauth@ietf.org list
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
+1
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On Jul 24, 2014, at 10:25 AM, John Bradley ve7...@ve7jtb.com wrote:
I am not against
Phil,
I thoroughly enjoy working with you whenever I can, and I really liked
your work on SCIM, but from the perspective of the web developers I work
with, I have a few concerns about what you wrote:
1. Developer experience and usability of the standards
You keep mentioning that web
:* Wednesday, July 23, 2014 10:33 AM
*To:* tors...@lodderstedt.net
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
If we use the token endpoint then a new grant_type is the best way.
It sort of overloads code, but that is better
10:33 AM
To: tors...@lodderstedt.netmailto:tors...@lodderstedt.net
Cc: oauth@ietf.orgmailto:oauth@ietf.org
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
If we use the token endpoint then a new grant_type is the best way.
It sort of overloads code
) but that is OK to do
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Thursday, July 24, 2014 10:22 AM
To: John Bradley
Cc: oauth@ietf.org list
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
I'm sorry to miss what
: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
+1
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On Jul 24, 2014, at 10:25 AM, John Bradley ve7...@ve7jtb.com wrote:
I am not against discussion in the WG.
I happen to agree with Phil's
2014-07-24 14:17 GMT-04:00 Bill Mills wmills_92...@yahoo.com:
Then why aren't people using this instead of (mis)using OAuth for this?
Even with a spec this short, IMHO, developers would not read it.
What they want is easy to read description with sample code, I suppose.
It also does not have
Campbell
*Sent:* Thursday, July 24, 2014 10:22 AM
*To:* John Bradley
*Cc:* oauth@ietf.org list
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
I'm sorry to miss what will likely be a very engaging meeting today.
The premise that some developers
Oh yea, real different, give me a freaking break
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Thursday, July 24, 2014 6:31 PM
To: Anthony Nadalin
Cc: John Bradley; oauth@ietf.org list
Subject: Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
.
-- Mike
*From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Phil Hunt
*Sent:* Wednesday, July 23, 2014 7:09 AM
*To:* Nat Sakimura
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-v2-user-a4c-05.txt
+1 to Justin.
2014-07-22 9:54 GMT-04:00 Richer, Justin P. jric...@mitre.org:
Errors like these make it clear to me that it would make much more sense
to develop this document in the OpenID Foundation. It should be something
that directly references OpenID Connect Core for all of these terms
That would be nice. However oidc still needs the new grant type in order to
implement the same flow.
Phil
On Jul 22, 2014, at 11:35, Nat Sakimura sakim...@gmail.com wrote:
+1 to Justin.
2014-07-22 9:54 GMT-04:00 Richer, Justin P. jric...@mitre.org:
Errors like these make it clear to
What about just defining a new grant type in this WG?
2014-07-22 12:56 GMT-04:00 Phil Hunt phil.h...@oracle.com:
That would be nice. However oidc still needs the new grant type in order
to implement the same flow.
Phil
On Jul 22, 2014, at 11:35, Nat Sakimura sakim...@gmail.com wrote:
+1
Speaking for myself, yes. Defining the simple ID_token grant showing how an ID
token only can be returned is my minimum objective.
I think there needs to be some discussion in the WG on certain features which
may be better suited only within OIDC and those features which fit better as a
So the draft would literally turn into:
The a4c response type and grant type return an id_token from the token
endpoint with no access token. All parameters and values are defined in OIDC.
Seems like the perfect mini extension draft for OIDF to do.
--Justin
/sent from my phone/
On Jul 22,
The new grant type that I was talking about was
authorization_code_but_do_not_return_access_nor_refresh_token, so to
speak.
It does not return anything per se, but an extension can define something
on top of it.
Then, OIDC can define a binding to it so that the binding only returns ID
Token.
This
27 matches
Mail list logo