[OAUTH-WG] OAuth 2.0 server behavior

Anton Panasenko <anton.panasenko@gmail.com> Fri, 26 November 2010 18:52 UTC

Return-Path: <anton.panasenko@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1A35928C100 for <oauth@core3.amsl.com>; Fri, 26 Nov 2010 10:52:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bd9wo7K8sdJr for <oauth@core3.amsl.com>; Fri, 26 Nov 2010 10:52:55 -0800 (PST)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by core3.amsl.com (Postfix) with ESMTP id 0ECA128C0FA for <oauth@ietf.org>; Fri, 26 Nov 2010 10:52:54 -0800 (PST)
Received: by eyd10 with SMTP id 10so1168072eyd.31 for <oauth@ietf.org>; Fri, 26 Nov 2010 10:53:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:content-type:subject :date:message-id:to:mime-version:x-mailer; bh=GiAjzP6qE9lL70iigeZW3fneuQo03vrekykN5SbGX/Q=; b=KymGpLQp0qFXBgQNLnMplffx99lTLMw8tupqm27ksyquRUZvj3kgLPqVtM8cNLugON k/dhmQGm3w6hpciaiIMfMADEMwY7jygdkknXOoAygMFNmFma3tiwEMv3HUinboThnEF+ lkpu/WAqF8t4p6PBfFpytdKZEO/xk9P81/GCU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:content-type:subject:date:message-id:to:mime-version:x-mailer; b=K11Pfj4J4N3WHdg/r3QVG24o8POvrHwRH18mDvAFjxCWuP5igpACQYYnMhmYd/noEi 2LkykmRIe4bFmvFrKp87Fl3+8tLbmsa7WxTxuIX2GUgEldEae4iBcAAl6OkGpPXhlzDz b7DaDOATCFT15avcFop6GIg2bwXjIykcG5fs0=
Received: by 10.213.34.208 with SMTP id m16mr2254225ebd.97.1290797638048; Fri, 26 Nov 2010 10:53:58 -0800 (PST)
Received: from [192.168.0.101] (95-29-67-11.broadband.corbina.ru [95.29.67.11]) by mx.google.com with ESMTPS id v56sm2000995eeh.14.2010.11.26.10.53.54 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 26 Nov 2010 10:53:55 -0800 (PST)
From: Anton Panasenko <anton.panasenko@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-18--1042155124"
Date: Fri, 26 Nov 2010 21:54:17 +0300
Message-Id: <5F4958F3-F1C5-4E0E-9AE4-7042C5EA1AAC@gmail.com>
To: oauth@ietf.org
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
X-Mailman-Approved-At: Mon, 29 Nov 2010 08:37:45 -0800
Subject: [OAUTH-WG] OAuth 2.0 server behavior
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Nov 2010 18:57:21 -0000

Hi,

What behavior is expected from the server, if in the query on access_token without "scope" (grant_type=authorization_code&client_id=s6BhdRkqt3&client_secret=gX1fBat3bV&code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fc)?

1. The server must generate access_token for an empty scope.
2. The server must generate access_token for scope, which was approved for access_code.

--
Sincerely yours
Anton Panasenko
Skype: anton.panasenko
Phone: +79179838291
Email: anton.panasenko@gmail.com, apanasenko@me.com