Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06

Rifaat Shekh-Yusef <> Wed, 28 June 2017 12:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7480612EC28 for <>; Wed, 28 Jun 2017 05:27:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6UUCEg4Z2e2R for <>; Wed, 28 Jun 2017 05:27:12 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 62738129AC5 for <>; Wed, 28 Jun 2017 05:27:03 -0700 (PDT)
Received: by with SMTP id r126so31951680vkg.0 for <>; Wed, 28 Jun 2017 05:27:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=2a84I3RbHRQ3Q8jtdEHqwlrFmyaSV+VB/XsPACTRwNw=; b=IY1NuoJwlubzOZ/BdgTW5uC44V5jToet78USrr0yql/PRDiG7Qiu6NREaUBT78rlaO mhfpe4LbRLGizFmxFy0tl0M1eYs2AmlHI0qXM6Bv7VIUFVcZ2jHjI3hsN80CA73xQWm4 1LbMudzs74zbAuMIvMkQubyc2BR4X8TaIIkkwUrdrvBVLf01M+oIHOioP0PfUMVyHfmo wdObVBdRohU0ctSSfCcA/KUuRhquSd14JU+XwySITmBsd+gGkCD1/ET6wnFAkd1ubtke KF6sVc9TVN71WCobT1pYMKkTVTdeIgdKqOWisazyVcIAwFjmTeKHm75+bDa6wwr7/ewW fKkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=2a84I3RbHRQ3Q8jtdEHqwlrFmyaSV+VB/XsPACTRwNw=; b=PJu0U8qE5a8sogsjN5lQtrmS2hGYtyBp/7ZJposPnlsnMMjeTjl352boF1RjuCb2AD 73fz15Hi0duEed80s5g56VgtKQWsyJ7d7s0L5SfGW4Hcs4P4cKYMhCchPDDqXCUtzMks Pk2FE+7TghnShECXBWC2AaLEPuljzSTujJ2Ymb4C9rxk+K4+YEs6VqdqLAowwxwJvxZ7 Nhf3u10eBNi3omsozgHg0wCk+i5uXnW1ndgZgILyrXCGOZWRAQepMdRjQ0EKoLVlkqA5 OXFeM50ZmbYUIW6P+OhY54oYdpImJgGlLzYsZjXQHm9ln6Ia3FdXxGKunMxgGq89saAl ZerA==
X-Gm-Message-State: AKS2vOwg1O6JyXqfMDk26wjGGFDSDgvfmO4ympFakCrjNuL+8dMgxNXu YdJRur6Dfmah2OfHtGUM8eHQlc/Mo2YD
X-Received: by with SMTP id i9mr4739986vka.64.1498652822268; Wed, 28 Jun 2017 05:27:02 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 28 Jun 2017 05:27:01 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Rifaat Shekh-Yusef <>
Date: Wed, 28 Jun 2017 08:27:01 -0400
Message-ID: <>
To: oauth <>
Content-Type: multipart/alternative; boundary="001a114419001cf4230553044dc7"
Archived-At: <>
Subject: Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Jun 2017 12:27:14 -0000

Hi (as individual),

I have reviewed the Device Flow document, and I have a question about the
polling part.
The current draft is calling for the Device Client to poll the AS for a
token (steps E & F of Figure 1).

Presumably, the process started with the user pushing some button on the
Device Client to initiate the process.
One way to avoid the need for polling is for the Device Access Token
Request to be sent to the AS only after the user for example pushed that
same button again.
This would allow the user to perform steps C and D to authorize the device,
and then push the button again to get the token.



On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <>

> All,
> We are starting a WGLC on the Device Flow document:
> Please, review the document and provide feedback on any issues you see
> with the document.
> The WGCL will end in two weeks, on June 16, 2017.
> Regards,
>  Rifaat and Hannes