Re: [OAUTH-WG] oauth with command line clients

Bill Burke <bburke@redhat.com> Mon, 12 June 2017 21:38 UTC


On 6/12/17 12:20 PM, David Waite wrote:
> FYI, A few years ago I did a demonstration on OpenID Connect at Cloud 
> Identity Summit using a collection of bash scripts and command-line 
> utilities (nc, jq). I used the macOS system command ‘open’ to launch a 
> browser, and netcat to field the response as a poor man’s HTTP 
> endpoint.  The code for that presentation is at 
> https://github.com/dwaite/Presentation-Code-OpenID-Connect-Dynamic-Client-Registration 
>
>
> A few options for the user challenge/consent portion of the 
> authentication are:
>
> - use non-HTML request/response API (around some custom MIME type) to 
> drive a user agent through the authentication/scope approval/etc 
> stages of your AS
This is the option I'm interested in.  Something simple around 401 
challenges, text/plain MIME type, and simple stdin processing.  I'll 
post what I'm thinking of if it's appropriate.  A colleague pointed me to 
SASL + HTTP [1], but not sure if that's what I'm looking for.

Thanks everybody,

Bill

[1] https://tools.ietf.org/html/draft-nystrom-http-sasl-09
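
The browser-plus-local-listener approach mentioned in the quoted message, as an added example that is not part of the original thread or of the linked presentation code: a command-line client builds the authorization URL, then validates the single request its loopback listener receives before accepting the code. It uses a Python socket in the role netcat plays above; the endpoint URL, client id, port and `/callback` path are assumptions chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def build_authorization_url(authorization_endpoint, client_id, port):
    """Return (url, state) for an authorization-code request to a loopback redirect."""
    state = secrets.token_urlsafe(32)  # unguessable; ties the response to this run
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": f"http://127.0.0.1:{port}/callback",  # assumed path
        "state": state,
    })
    return f"{authorization_endpoint}?{query}", state

def parse_callback(raw_request, expected_state):
    """Extract the authorization code from the raw HTTP request the browser sent."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        raise ValueError("not a GET request")
    target = urlsplit(parts[1])
    if target.path != "/callback":
        raise ValueError("unexpected path")
    params = parse_qs(target.query)
    state = params.get("state", [""])[0]
    # Anything on the machine can connect to the port, so check state first.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def receive_one_callback(listener, expected_state):
    """Accept one connection on a socket already listening on 127.0.0.1."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)  # do not hang forever on a silent peer
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 8192:
            chunk = conn.recv(1024)
            if not chunk:
                break
            data += chunk
        code = parse_callback(data, expected_state)  # raises before any reply
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nDone.\n")
        return code
```

The caller binds the listener to 127.0.0.1 only, opens the returned URL in a browser, and exchanges the code at the token endpoint, which this example does not cover.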