Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-incremental-authz-00.txt: AS response for invalid existing_grant
Vladimir Dzhuvinov <vladimir@connect2id.com> Sun, 02 September 2018 06:24 UTC
To: oauth@ietf.org
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
Organization: Connect2id Ltd.
Message-ID: <311901af-a5d8-586e-ae2e-f47f92c3afae@connect2id.com>
Date: Sun, 02 Sep 2018 09:24:19 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-uGl44OIal8QnCt0cmoTdlO5DD0>
Hi William,

How should the AS respond if the refresh token (existing_grant) is found to be invalid (for any of the listed reasons)? Ignore the client intent for incremental authZ or return an error code?

Thanks,

Vladimir

On 28/06/18 23:14, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
> Title : OAuth 2.0 Incremental Authorization
> Author : William Denniss
> Filename : draft-ietf-oauth-incremental-authz-00.txt
> Pages : 8
> Date : 2018-06-28
>
> Abstract:
> OAuth 2.0 authorization requests that include every scope the client might ever need can result in over-scoped authorization and a sub-optimal end-user consent experience. This specification enhances the OAuth 2.0 authorization protocol by adding incremental authorization, the ability to request specific authorization scopes as needed, when they're needed, removing the requirement to request every possible scope that might be needed upfront.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-incremental-authz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-00
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-incremental-authz-00
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
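The two responses the question above contrasts, as an added illustration that is not part of the thread or of the draft: an authorization server validates the existing_grant refresh token before merging its scopes into the new request, and an unusable token (unknown, revoked, expired, or issued to a different client or user) is either treated as absent or rejected. The record layout, the `policy` switch and the choice of `invalid_request` for the rejecting variant are assumptions made for this example.

```python
"""Added example, not text from draft-ietf-oauth-incremental-authz-00: AS-side
handling of an invalid existing_grant in an incremental authorization request."""
from dataclasses import dataclass
import time


@dataclass
class RefreshTokenRecord:
    client_id: str
    subject: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False


# Constructed sample store (refresh-token value -> record); not real tokens.
REFRESH_TOKENS = {
    "rt-good": RefreshTokenRecord("app-1", "alice", frozenset({"profile"}), time.time() + 3600),
    "rt-revoked": RefreshTokenRecord("app-1", "alice", frozenset({"profile"}), time.time() + 3600, True),
    "rt-other-client": RefreshTokenRecord("app-2", "alice", frozenset({"email"}), time.time() + 3600),
    "rt-expired": RefreshTokenRecord("app-1", "alice", frozenset({"profile"}), time.time() - 1),
}


def lookup_existing_grant(token, client_id, subject):
    """Return the grant record only if this client may reuse it for this user."""
    rec = REFRESH_TOKENS.get(token)
    if rec is None or rec.revoked or rec.expires_at <= time.time():
        return None
    if rec.client_id != client_id or rec.subject != subject:
        return None  # never merge scopes across clients or across users
    return rec


def handle_incremental_request(client_id, subject, requested_scopes, existing_grant, policy="ignore"):
    """policy="ignore": an invalid existing_grant is treated as if it were absent.
    policy="reject": an invalid existing_grant yields an authorization-endpoint error
    (invalid_request from RFC 6749 is an assumption here, not the draft's choice)."""
    requested = frozenset(requested_scopes)
    if existing_grant is None:
        return {"scopes": requested}
    rec = lookup_existing_grant(existing_grant, client_id, subject)
    if rec is not None:
        return {"scopes": requested | rec.scopes}  # incremental: old grant + new scopes
    if policy == "reject":
        return {"error": "invalid_request",
                "error_description": "existing_grant is not a valid grant for this client"}
    return {"scopes": requested}  # fall back to a plain, non-incremental request
```

Under either policy the invalid token never contributes scopes, so the only difference the client sees is whether it gets a fresh consent for the new scopes or an error.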