[OAUTH-WG] OAuth Device Flow is now RFC 8628

Mike Jones <Michael.Jones@microsoft.com> Sat, 17 August 2019 07:03 UTC

The OAuth Device Flow specification (recently renamed to be the OAuth 2.0 Device Authorization Grant specification) is now RFC 8628 <https://www.rfc-editor.org/rfc/rfc8628.txt>.  The abstract describes the specification as:

The OAuth 2.0 device authorization grant is designed for Internet-connected devices that either lack a browser to perform a user-agent-based authorization or are input constrained to the extent that requiring the user to input text in order to authenticate during the authorization flow is impractical.  It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources by using a user agent on a separate device.

This specification standardizes an already widely-deployed pattern in production use by Facebook, ForgeRock, Google, Microsoft, Salesforce, and many others.  Thanks to all of you who helped make this existing practice an actual standard!

                                                       -- Mike

P.S.  This announcement was also posted at http://self-issued.info/?p=2001 and as @selfissued <https://twitter.com/selfissued>.