Re: [OAUTH-WG] 2 Leg with OAuth 2.0

Phil Hunt <phil.hunt@oracle.com> Tue, 29 November 2011 20:05 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9AC1F0C38 for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 12:05:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oJJXuHEzCHoo for <oauth@ietfa.amsl.com>; Tue, 29 Nov 2011 12:05:20 -0800 (PST)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by ietfa.amsl.com (Postfix) with ESMTP id C8DF11F0C46 for <oauth@ietf.org>; Tue, 29 Nov 2011 12:05:19 -0800 (PST)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by rcsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id pATK5InA021735 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 29 Nov 2011 20:05:18 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id pATK5GKj012623 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Nov 2011 20:05:17 GMT
Received: from abhmt120.oracle.com (abhmt120.oracle.com [141.146.116.72]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id pATK5Ebr026771; Tue, 29 Nov 2011 14:05:14 -0600
Received: from [192.168.1.8] (/24.85.235.164) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 29 Nov 2011 12:05:14 -0800
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <4ED5383E.5020605@stpeter.im>
Date: Tue, 29 Nov 2011 12:05:14 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <0EC9023D-A96E-4FF2-B89C-AD2C3B4BBFEB@oracle.com>
References: <CAK04b078ohKScZWEd-fJpiO73GFP-fOd+Lu8su-_nZs_KrKgbg@mail.gmail.com> <4ED5383E.5020605@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1251.1)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
X-CT-RefId: str=0001.0A090205.4ED53AFF.0012,ss=1,re=0.000,fgs=0
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2011 20:05:21 -0000

This diagram may be out of date, but I found it useful early on to understand the multiple flows and "legs" of OAuth.

http://www.independentid.com/2011/03/oauth-flows-extended.html

The question of "legs" (or parties as some prefer) depends on what you have and what you need.

Take a look at Implicit (4.2) and Resource Owner (4.3) flows for some examples of 2-leg flows using passwords. There are others for different types of grants.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2011-11-29, at 11:53 AM, Peter Saint-Andre wrote:

> On 11/29/11 12:49 PM, Brian Hawkins wrote:
>> I'm having trouble finding information on how to do 2leg authentication
>> with OAuth 2.0.  Does it even support it?
> 
> This issue comes up often enough that it deserves to be in a FAQ.
> 
> Peter
> 
> -- 
> Peter Saint-Andre
> https://stpeter.im/
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth