[OAUTH-WG] OAuth 1 Bridge Flow

Marius Scurtescu <mscurtescu@google.com> Tue, 04 May 2010 17:29 UTC


I would like to suggest a flow, or endpoint, that is bridging OAuth 1
and OAuth 2. See the attachment.

The OAuth 1 Bridge Flow basically defines an endpoint where you can
place a signed OAuth 1 request and in response you receive a
short-lived OAuth 2.0 access token. This flow can be used by clients that
have a long-lived OAuth 1.0 access token and want to use a short-lived
OAuth 2.0 access token to access protected resources.

Do you have a use case for a flow like this? If not exactly but close,
how can the flow be improved to cover your use case as well?

Feedback more than welcome.
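
An added sketch of the server side of the exchange described in this message, not part of the original post or its attachment: it verifies an OAuth 1.0 HMAC-SHA1 signature (RFC 5849), rejects stale or replayed requests, and returns a short-lived token. The attachment's wire format is not shown here, so the `Bridge` class, the endpoint URL, the error strings and the `access_token`/`expires_in` response fields are assumptions.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(s):  # RFC 5849 section 3.6 percent-encoding
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the RFC 5849 signature base string (url already normalized)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class Bridge:
    """Hypothetical bridge endpoint: signed OAuth 1 request in, short-lived token out."""
    def __init__(self, consumers, tokens, ttl=3600, skew=300):
        self.consumers, self.tokens = consumers, tokens  # key -> shared secret
        self.ttl, self.skew, self.seen = ttl, skew, set()
    def exchange(self, method, url, params, now=None):
        now = time.time() if now is None else now
        try:
            ckey, tok = params["oauth_consumer_key"], params["oauth_token"]
            c_secret, t_secret = self.consumers[ckey], self.tokens[tok]
            ts, nonce = int(params["oauth_timestamp"]), params["oauth_nonce"]
            sig = params["oauth_signature"]
        except (KeyError, ValueError, TypeError):
            return {"error": "invalid_request"}
        if params.get("oauth_signature_method") != "HMAC-SHA1":
            return {"error": "invalid_request"}
        if abs(now - ts) > self.skew:  # bound how long a captured request stays usable
            return {"error": "stale_timestamp"}
        expected = sign(method, url, params, c_secret, t_secret)
        if not hmac.compare_digest(sig.encode(), expected.encode()):  # constant time
            return {"error": "invalid_signature"}
        if (ckey, tok, ts, nonce) in self.seen:  # checked after auth: no cache poisoning
            return {"error": "nonce_replayed"}
        self.seen.add((ckey, tok, ts, nonce))
        return {"access_token": secrets.token_urlsafe(32), "expires_in": self.ttl}

# Constructed sample credentials and endpoint URL (not real values).
CONSUMERS, TOKENS = {"demo-consumer": "c-secret"}, {"long-lived-token": "t-secret"}
URL = "https://as.example/oauth1_bridge"

def sample_request(ts, nonce="n-1"):
    p = {"oauth_consumer_key": "demo-consumer", "oauth_token": "long-lived-token",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(ts),
         "oauth_nonce": nonce, "oauth_version": "1.0"}
    p["oauth_signature"] = sign("POST", URL, p, CONSUMERS["demo-consumer"], TOKENS["long-lived-token"])
    return p
```

The nonce cache here is an in-memory set; a real deployment would expire entries once they fall outside the timestamp window.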