Re: [OAUTH-WG] OAuth 2 flow diagrams

"Anganes, Amanda L" <aanganes@mitre.org> Tue, 07 February 2012 14:46 UTC

From: "Anganes, Amanda L" <aanganes@mitre.org>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth 2 flow diagrams
Date: Tue, 07 Feb 2012 14:46:13 +0000
Message-ID: <B61A05DAABADEA4EA2F19424825286FA181D1050@IMCMBX04.MITRE.ORG>
References: <B61A05DAABADEA4EA2F19424825286FA181D05DF@IMCMBX04.MITRE.ORG>
In-Reply-To: <B61A05DAABADEA4EA2F19424825286FA181D05DF@IMCMBX04.MITRE.ORG>

Hello again,

Based on some feedback I have received, I have updated my diagrams. Changes are listed below, and the link (https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true) will always point to the latest version.

* Changed the title of the diagrams to "OAuth 2.0 Authorization" (from "OAuth 2.0 Authentication", which was incorrect).

* Removed refresh_token from the Access Token response on the Client Credentials flow.
Ref: http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 says "A refresh token SHOULD NOT be included."

* Changed "Consumer" to "Client" to better match the 2.0 terminology.

Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation
782-271-3103
aanganes@mitre.org
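The refresh-token rule behind the second change above, as an added example that is not part of this message or of the linked diagrams: a small model of the OAuth 2.0 token endpoint for the three grants that use it (authorization code, resource owner password credentials, client credentials), plus a client-side check that flags a refresh_token where the flow should not carry one. The grant_type strings, response fields and error codes are those of the OAuth 2.0 spec; the client registry, parameter names in the constructed requests and token generation are hypothetical stand-ins.

```python
import hmac
import secrets

# Constructed client registry (hypothetical client_id -> client_secret).
CLIENTS = {"diagram-client": "s3cret-example"}

# Token-endpoint grants and the request parameters each must carry.
# (authorization_code also needs redirect_uri when one was sent in the
# authorization request; that case is simplified away here.)
REQUIRED_PARAMS = {
    "authorization_code": ("code",),
    "password": ("username", "password"),
    "client_credentials": (),
}

# Which flows may carry a refresh_token in the token response:
# - authorization_code and password: optional
# - client_credentials: SHOULD NOT (section 4.4.3, the line quoted above)
# - implicit: MUST NOT; its access token comes back in the redirect
#   fragment and never passes through the token endpoint (section 4.2.2)
REFRESH_TOKEN_ALLOWED = {
    "authorization_code": True,
    "password": True,
    "client_credentials": False,
    "implicit": False,
}


def build_token_response(grant_type, client_id, client_secret, params, ttl=3600):
    """Model the authorization server's token endpoint.

    Returns the success body (section 5.1) as a dict, or an error body
    (section 5.2). Token values are random placeholders; a real server
    would bind them to the client, scope and resource owner."""
    expected = CLIENTS.get(client_id)
    # Constant-time comparison so secret checking does not leak timing.
    if expected is None or not hmac.compare_digest(expected, client_secret):
        return {"error": "invalid_client"}
    if grant_type not in REQUIRED_PARAMS:
        return {"error": "unsupported_grant_type"}
    if any(p not in params for p in REQUIRED_PARAMS[grant_type]):
        return {"error": "invalid_request"}
    response = {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "bearer",
        "expires_in": ttl,
    }
    # Only grants that may be refreshed get a refresh_token.
    if REFRESH_TOKEN_ALLOWED[grant_type]:
        response["refresh_token"] = secrets.token_urlsafe(32)
    return response


def check_token_response(flow, response):
    """Client-side sanity check of a token response for the given flow.

    Returns a list of problems; an empty list means the required fields
    are present and no refresh_token appears where the flow forbids it."""
    if "error" in response:
        return [f"error response: {response['error']}"]
    problems = []
    for field in ("access_token", "token_type"):
        if field not in response:
            problems.append(f"missing {field}")
    if "refresh_token" in response and not REFRESH_TOKEN_ALLOWED.get(flow, False):
        problems.append(f"refresh_token must not be issued for the {flow} flow")
    return problems


if __name__ == "__main__":
    cc = build_token_response("client_credentials", "diagram-client",
                              "s3cret-example", {})
    print(cc)
    print(check_token_response("client_credentials", cc))
```

A client that receives a refresh_token on the client credentials flow should treat it as a server bug rather than use it: the client can always re-authenticate with its own credentials, so a long-lived refresh token there only widens the blast radius of a leak.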

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Anganes, Amanda L
Sent: Friday, February 03, 2012 9:24 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] OAuth 2 flow diagrams

Hello,

I've developed a set of flow diagrams for the OAuth 2.0 spec, with separate diagrams for the Access Code, Implicit Grant, Resource Owner Password Credentials, and the Client Credentials flows. These were inspired by the diagrams for 1.0 and 1.0a that Idan Gazit posted in http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html, which Justin Richer pointed me to when I first started trying to read and understand the OAuth 2.0 spec. I find these types of diagrams to be incredibly useful, so I updated them again to (hopefully) reflect the 2.0 spec.

I'd appreciate any comments/corrections. If anyone finds the diagrams to be useful, please feel free to rehost or reference them.

https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true

Thanks,

Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation
782-271-3103
aanganes@mitre.org