[OAUTH-WG] OAuth 2.1 mimetype

Evert Pot <me@evertpot.com> Wed, 13 May 2020 17:00 UTC

To: oauth <OAuth@ietf.org>
Message-ID: <f5957776-3415-17b1-6b4c-69e80f4bd56a@evertpot.com>
Date: Wed, 13 May 2020 13:00:53 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0ZRZe3aW3HDtBpXMoIkYCdefbPA>

Currently OAuth 2 uses application/json as its main mimetype for JSON
responses.

This has at least two drawbacks:

 1. Content-negotiation is a good way to version/alter behavior of
    endpoints/introduce extensions or modifications.
 2. In systems that use Web Linking, it's harder to use a generic link
    relationship to point to an OAuth2 endpoint.

I would like to define links in my system to point to endpoints where
users may log in (to the authorize endpoint), or log out (the revoke
endpoint).

In an ideal world, I would do this with a link such as:

Link: <https://auth-server.example>; rel="authenticate";
  type="application/oauth21+json"

This allows a client to figure out, in a generic manner, both what the
endpoints are and what protocol is supported.

Is there a chance that a new mimetype could be registered for OAuth 2.1?
I believe this can be done in a manner that's backwards compatible
with OAuth 2, by requiring clients and servers to support
'application/json'. For instance, a server can respond with
'application/json' if it didn't receive 'application/oauth21+json' in
either a Content-Type or Accept request header.

Evert
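
The fallback rule described in the message, sketched as an added example that is not part of the original post or of any OAuth specification. It assumes the proposed (unregistered) type 'application/oauth21+json', takes request headers as a plain dict, and treats only an exact match as an opt-in, so wildcards and q=0 fall back to 'application/json'.

```python
# Added example: the media type below is the one proposed in the post,
# not a registered type. Function names are hypothetical.
PROPOSED = "application/oauth21+json"
LEGACY = "application/json"


def _media_type(value):
    """Return the lowercased type/subtype of a Content-Type style value."""
    return value.split(";", 1)[0].strip().lower()


def _accepts(accept_header, wanted):
    """True if an Accept header names `wanted` exactly with a non-zero q."""
    for item in accept_header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if parts[0].lower() != wanted:
            continue  # wildcards such as */* are not treated as an opt-in
        q = 1.0
        for param in parts[1:]:
            name, _, val = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(val.strip())
                except ValueError:
                    q = 0.0  # malformed q-value: treat as not acceptable
        return q > 0
    return False


def response_media_type(headers):
    """Pick the response type from request headers (dict of name -> value)."""
    h = {k.lower(): v for k, v in headers.items()}
    if _media_type(h.get("content-type", "")) == PROPOSED:
        return PROPOSED
    if _accepts(h.get("accept", ""), PROPOSED):
        return PROPOSED
    return LEGACY  # existing OAuth 2 clients never see the new type
```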