IETF Logo Mail Archive

Re: [OAUTH-WG] 答复: Re: A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework

Prabath Siriwardena <prabath@wso2.com> Wed, 09 January 2013 06:59 UTC

Return-Path: <prabath@wso2.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ED8921F8756 for <oauth@ietfa.amsl.com>; Tue, 8 Jan 2013 22:59:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.319
X-Spam-Level: ****
X-Spam-Status: No, score=4.319 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_ENC_GB2312=1.345]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mvXvl9J316oE for <oauth@ietfa.amsl.com>; Tue, 8 Jan 2013 22:59:16 -0800 (PST)
Received: from mail-ee0-f43.google.com (mail-ee0-f43.google.com [74.125.83.43]) by ietfa.amsl.com (Postfix) with ESMTP id 6AF3121F874F for <oauth@ietf.org>; Tue, 8 Jan 2013 22:59:16 -0800 (PST)
Received: by mail-ee0-f43.google.com with SMTP id b15so323364eek.2 for <oauth@ietf.org>; Tue, 08 Jan 2013 22:59:15 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=r2CejbAeEs3NrWVUxPzVHkRcQNeD4vbk2BbxHsTltzA=; b=e4XuWcTqUnT8RhezOTVa001vLbLl4GU13ELVXfiyBTXg1EPQSMiU06+kYmeAmxAQVu M2VSRFReFZQ9eSoTHcFi41VniVXoqLSqxadGqJMweWCajrCKI6IGahGbF/qFIuAK16fV KXYWHRdCBFA6Fkn0+hbjv5UsCC+ehzNBBREVcJxSoGJmpaJ/nJ2q0POWkBcNxR7BQT7s qt4sKrGbLiMw8beltCIPW61vAr39vMd9XPkEwImEHma/xQ696FVDdHy9nI/xPoq1CbMI 3OXu3O3FIRnrUdq15el4HPOo4mQ98qsDKafjVxQw735rXvZaC5TaQhHUBqAUpu0JdjHG oxbQ==
MIME-Version: 1.0
Received: by 10.14.219.3 with SMTP id l3mr178381275eep.5.1357714755329; Tue, 08 Jan 2013 22:59:15 -0800 (PST)
Received: by 10.223.68.211 with HTTP; Tue, 8 Jan 2013 22:59:15 -0800 (PST)
In-Reply-To: <OFA8C733ED.9AAF57BF-ON48257AEE.002628A4-48257AEE.00263D78@zte.com.cn>
References: <CAJV9qO_A-_5CbfREFBxXr1efaAG5hVdbOR03BNgWY=iBM11fFg@mail.gmail.com> <OFA8C733ED.9AAF57BF-ON48257AEE.002628A4-48257AEE.00263D78@zte.com.cn>
Date: Wed, 09 Jan 2013 12:29:15 +0530
Message-ID: <CAJV9qO8kNErfhB8wtfMqBm3APoY-ka-Oa5vAj+DLQOkeULmC+g@mail.gmail.com>
From: Prabath Siriwardena <prabath@wso2.com>
To: zhou.sujing@zte.com.cn
Content-Type: multipart/alternative; boundary="047d7b621b90b29e4104d2d599ad"
X-Gm-Message-State: ALoCoQnyDDCVY6e/DIaMd5t/0Pd0CoA2NRo4faNJRwS5MO73ERBmzGlRRlA8zl8uxe7ABdslOWKw
Cc: Peng Zhou <zpbrent@gmail.com>, oauth@ietf.org, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] 答复: Re: A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2013 06:59:18 -0000

On Wed, Jan 9, 2013 at 12:27 PM, <zhou.sujing@zte.com.cn> wrote:

>
> Well, AS could send the request along with the auth code.
>

Not quite that will be useful.. It will be a new request that when user is
directed from AS to the client. That request should identify it self.

Thanks & regards,
-Prabath


>
> oauth-bounces@ietf.org 写于 2013-01-09 14:47:19:
>
> >
>
> > On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <zpbrent@gmail.com> wrote:
> > Dear Prabath:
> >
> > Thank you very much for your responses :-)
> >
> > However, I am still not quite sure why the authorization code must be
> > sent to the client through the RO's user-agent?
> >
> > One reason I see is, bringing the authorization code via User Agent
> > - links the user request to the authorization code. If AS directly
> > sends the code to the Resource Server the mapping between the user
> > request and the code is broken.
> >
> > Thanks & regards,
> > -Prabath
> >
> >
> >
> > Best Regards
> > Brent
> >
> > 2013/1/9 Prabath Siriwardena <prabath@wso2.com>:
> > > Prabath
> >
>
> >
> > --
> > Thanks & Regards,
> > Prabath
> >
> > Mobile : +94 71 809 6732
> >
> > http://blog.facilelogin.com
> > http://RampartFAQ.com_______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com

v2.29.0 | Report a Bug | By Email | System Status