[OAUTH-WG] Client cannot specify the token type it needs

Prabath Siriwardena <prabath@wso2.com> Mon, 21 January 2013 03:28 UTC

Return-Path: <prabath@wso2.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1DE1C21F843C for <oauth@ietfa.amsl.com>; Sun, 20 Jan 2013 19:28:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.377
X-Spam-Status: No, score=-0.377 tagged_above=-999 required=5 tests=[FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Q3ISTrgQt7JB for <oauth@ietfa.amsl.com>; Sun, 20 Jan 2013 19:28:28 -0800 (PST)
Received: from mail-ea0-f179.google.com (mail-ea0-f179.google.com []) by ietfa.amsl.com (Postfix) with ESMTP id 4AAB521F843B for <oauth@ietf.org>; Sun, 20 Jan 2013 19:28:27 -0800 (PST)
Received: by mail-ea0-f179.google.com with SMTP id d12so1431178eaa.10 for <oauth@ietf.org>; Sun, 20 Jan 2013 19:28:27 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type:x-gm-message-state; bh=1ItvekzkNm8U6xVbc0PKQs0IQajZL6+ADhhATdqzBRk=; b=lpYXIVrXxK9eiBxS8mQBE9cqAlEhu+86gWzJhnsnfA8baqxHtwZJ7jGHiZN4hhG15t dQe5wzcItHReb/r71jz2+8Y7B/BceVoAbiQp1SKdSNeT9ARBzlgu7cWUW/PywXx1Et9K Rj1jEkqZV7+DgJfq8pJYcJJplfnnj6MCMJr7ow9fLWZz7TfyK8sg9OmPpCqK+2pA5YZ8 1QTM8mI+CinxAEDbvhjv8allJeIiga2LQwPdLg/z4TNTgO5Cqb5DQisf8zTSD9UYNPbw cfLoHI8a2a9jTYIstQttByL8xJc26kgGz3N1m/8GjScFEtQGwwaMoczpNKrOXNt+ETDh 0Kyw==
MIME-Version: 1.0
X-Received: by with SMTP id j46mr55823138eeo.27.1358738906875; Sun, 20 Jan 2013 19:28:26 -0800 (PST)
Received: by with HTTP; Sun, 20 Jan 2013 19:28:26 -0800 (PST)
Date: Mon, 21 Jan 2013 08:58:26 +0530
Message-ID: <CAJV9qO_Jks8UrHpn2+u3p2gS0HZNsMUmeY0aWVd8-BKesnMrsA@mail.gmail.com>
From: Prabath Siriwardena <prabath@wso2.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b3438eae307fa04d3c40d3a"
X-Gm-Message-State: ALoCoQncsF7XF7IDMAqQ80tLUfhjXDiNoMexuet3FqVrjK+X16mEqOsKyCWpxSi89F9C0vbwVz2l
Subject: [OAUTH-WG] Client cannot specify the token type it needs
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2013 03:28:29 -0000

Although token type is extensible according to the OAuth core specification
- it is fully governed by the Authorization Server.

There can be a case where a single AS supports multiple token types based
on client request.

But currently we don't have a way the client can specify (or at least
suggest) which token type it needs in the OAuth access token request ?

Is this behavior intentional ? or am I missing something...

Thanks & Regards,

Mobile : +94 71 809 6732