Re: [OAUTH-WG] Username and Password Flow and oauth_client_secret

Allen Tom <atom@yahoo-inc.com> Thu, 29 April 2010 17:22 UTC

As an additional datapoint, Yahoo only offers the equivalent of the
username/password flow (using our proprietary token auth API) for a very
small number of partners, and only when using a browser is not feasible.

Allen

On 4/28/10 8:28 PM, "David Recordon" <recordond@gmail.com> wrote:

> I realize that this doesn't work generically, but at Facebook we only plan to
> offer the username/password flow to a small number of partners.
> 
> [...]
> 
> I believe Google is going to solve this problem by not supporting the
> username/password flow in the first place.
> 
> --David