Re: [OAUTH-WG] can a resource server provide indications about expected access tokens?

Vladimir Dzhuvinov <vladimir@connect2id.com> Sat, 11 December 2021 10:43 UTC


Hi Nikos,

The "error_description" can be used to explain the expected token issuer 
and other facts to client developers.

https://datatracker.ietf.org/doc/html/rfc6750#section-3

If you want to give client software the ability to respond 
programmatically this will require some sort of a proprietary extension.

Vladimir

Vladimir Dzhuvinov

On 11/12/2021 12:35, Nikos Fotiou wrote:
> Hi,
>
> I have a use case where a resource server is protected and can only be accessed if a JWT is presented. Is there any way for the server to "indicate" the "expected" format of the JWT? For example, respond to unauthorized requests with something that would be translated into "I expect tokens from iss X with claims [A,B,C]"
>
> Best,
> Nikos
>
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
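
The reply above points to the "error_description" parameter of RFC 6750 section 3. The following is an added example, not code from either poster: a resource server building that challenge with the expected issuer and claims in the description, and a client reading it back. The issuer URL, realm, claim names and description wording are constructed for illustration.

```python
import re

# RFC 6750 section 3: error_description must not contain characters outside
# %x20-21 / %x23-5B / %x5D-7E (so no double quote, backslash or non-ASCII).
_DESC_OK = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]*")
# The three error codes RFC 6750 section 3.1 defines.
_ERRORS = {"invalid_request", "invalid_token", "insufficient_scope"}
_PARAM = re.compile(r'([A-Za-z_]+)="([^"]*)"')


def expected_token_description(issuer, claims):
    """Human-readable hint for client developers (wording is hypothetical)."""
    return f"Expected a JWT from iss {issuer} with claims {', '.join(claims)}"


def bearer_challenge(realm, error, description):
    """Resource server side: build the WWW-Authenticate header value."""
    if error not in _ERRORS:
        raise ValueError("not an RFC 6750 error code")
    # Conservative choice: hold realm to the same character set.
    for value in (realm, description):
        if not _DESC_OK.fullmatch(value):
            raise ValueError("character not allowed in a quoted parameter")
    return (f'Bearer realm="{realm}", error="{error}", '
            f'error_description="{description}"')


def parse_bearer_challenge(header):
    """Client side: split the challenge into its parameters.

    Handles only quoted values without escapes, which is all that
    bearer_challenge() emits.
    """
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return dict(_PARAM.findall(rest))


if __name__ == "__main__":
    # Constructed sample values.
    hint = expected_token_description("https://issuer.example", ["sub", "aud"])
    header = bearer_challenge("example", "invalid_token", hint)
    print("WWW-Authenticate:", header)
    params = parse_bearer_challenge(header)
    # Only "error" is machine-actionable; the description is for people.
    print(params["error"], "->", params["error_description"])
```

The client branches on "error" only and logs the description, since the description text has no standard structure a program could rely on.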