Re: [OAUTH-WG] ID Token by Device Flow

Justin Richer <jricher@mit.edu> Mon, 24 June 2019 16:13 UTC

From: Justin Richer <jricher@mit.edu>
To: Takahiko Kawasaki <taka@authlete.com>
CC: oauth <oauth@ietf.org>
Date: Mon, 24 Jun 2019 16:13:05 +0000
Message-ID: <846314DA-2A9F-41EE-BD21-61EC1CCB80ED@mit.edu>
In-Reply-To: <CAHdPCmORS1=nEK9xSP-2hovCfyrt6RK78E1ciJGMYypS7CW+Tw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/3qtRsZ0pL_jh_Ehcfq4MVgmSNvg>

Taka,

My reading is that the device flow, like other OAuth flows, does not prohibit extension, including passing back identity assertions like the ID Token. Since it inherits the token response from core OAuth 2, the ID Token could be issued alongside the access token, just like in the authorization code flow. The user is present and interacting at the AS in both cases. In fact, I’d say that there are enough similarities between the two that for the most part it should “just work” and fit the assumptions of most clients. That said, it’s technically true that there is no defined profile for the combination of the device flow and OIDC, but if something like that were to be written it would be a better fit for the OpenID Foundation.

— Justin

On Jun 20, 2019, at 6:32 PM, Takahiko Kawasaki <taka@authlete.com> wrote:

Hello,

Do you have any plan to update the specification of Device Flow to support issuance of ID tokens?

OAuth 2.0 Device Authorization Grant
https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/?include_text=1

Best Regards,
Takahiko Kawasaki

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
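The exchange Justin describes, written out as an added example that is not part of this thread, of RFC 8628, or of any project's code: a device client polls the token endpoint with its device_code, the authorization server answers with the ordinary OAuth 2 token response and, because the grant carried the openid scope, adds an id_token next to the access_token, and the client then applies the same ID Token checks it would apply in the authorization code flow (signature, iss, aud, exp). The issuer, client_id, device codes and the HS256 shared secret are constructed values chosen so the example runs offline; a real AS would sign with an asymmetric key published via JWKS. One caveat the example makes explicit: the device authorization request has no nonce parameter, so a client that hard-requires a nonce claim (as it might after the code flow) would reject every device-flow ID Token.

```python
"""Device grant token response carrying an id_token, plus client-side checks.
Added example, not code from the thread; all identifiers are constructed."""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://as.example"          # constructed issuer identifier
CLIENT_ID = "tv-client"                # constructed public client id
SECRET = b"constructed-shared-secret"  # constructed; HS256 only so this runs offline
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Minimal JWS compact serialization with HS256 (demo signing only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


# --- authorization server side ---------------------------------------------
# Constructed store of device grants: device_code -> state. 'approved' flips
# to True once the user has entered the user_code at the verification URI;
# that browser interaction is assumed to have happened and is not modelled.
_PENDING = {
    "dev-code-123": {"approved": True, "sub": "user-42", "scope": "openid profile"},
    "dev-code-999": {"approved": False, "sub": "user-43", "scope": "openid"},
}


def token_endpoint(form: dict, now: int) -> dict:
    """Handle the device client's polling request at the token endpoint.
    The response is the core OAuth 2 token response; an id_token is added
    when the grant included the 'openid' scope, as in the code flow."""
    if form.get("grant_type") != DEVICE_GRANT:
        return {"error": "unsupported_grant_type"}
    grant = _PENDING.get(form.get("device_code"))
    if grant is None:
        return {"error": "invalid_grant"}
    if not grant["approved"]:
        return {"error": "authorization_pending"}
    # Opaque access token derived from the device code purely for the demo.
    digest = hashlib.sha256(form["device_code"].encode()).digest()
    response = {
        "access_token": "at-" + _b64url(digest)[:16],
        "token_type": "Bearer",
        "expires_in": 3600,
        "scope": grant["scope"],
    }
    if "openid" in grant["scope"].split():
        claims = {"iss": ISSUER, "sub": grant["sub"], "aud": form["client_id"],
                  "iat": now, "exp": now + 600, "auth_time": now}
        response["id_token"] = sign_jwt(claims, SECRET)
    return response


# --- client side -------------------------------------------------------------
def validate_id_token(id_token: str, secret: bytes, now: int) -> dict:
    """Flow-independent ID Token checks: signature, alg, iss, aud, exp.
    No nonce check: the device authorization request carries no nonce."""
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never trust alg from the token alone
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def device_client_poll(device_code: str, now: int) -> dict:
    """One polling round of the device client; returns validated claims
    or the error the AS returned (e.g. authorization_pending)."""
    resp = token_endpoint({"grant_type": DEVICE_GRANT, "device_code": device_code,
                           "client_id": CLIENT_ID}, now)
    if "error" in resp:
        return {"error": resp["error"]}
    if "id_token" not in resp:
        return {"error": "no_id_token"}
    return validate_id_token(resp["id_token"], SECRET, now)


if __name__ == "__main__":
    print(json.dumps(device_client_poll("dev-code-123", int(time.time())), indent=2))
```

The client keeps polling while it receives authorization_pending and only validates once an id_token is present; the validation function is the same one a code-flow client would use, minus the nonce comparison, which is the only place where the two flows' ID Token handling differs.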