Re: [OAUTH-WG] ID Token by Device Flow

Takahiko Kawasaki <taka@authlete.com> Mon, 24 June 2019 19:16 UTC

References: <CAHdPCmORS1=nEK9xSP-2hovCfyrt6RK78E1ciJGMYypS7CW+Tw@mail.gmail.com> <846314DA-2A9F-41EE-BD21-61EC1CCB80ED@mit.edu>
In-Reply-To: <846314DA-2A9F-41EE-BD21-61EC1CCB80ED@mit.edu>
From: Takahiko Kawasaki <taka@authlete.com>
Date: Tue, 25 Jun 2019 04:16:31 +0900
Message-ID: <CAHdPCmO9Uyz_yRA5AbFoy_fpDat4K9P6AZCQZGgH31ZyreS94A@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/I8pzVXSzQLvM54e1dEn6yTu_h6M>
Subject: Re: [OAUTH-WG] ID Token by Device Flow

Hi Justin,

Thank you. Consensus will be that "openid" in the "scope" request parameter
should trigger generation of an ID token. I'm wondering if the WG plans to
mention it explicitly in the spec and add the "acr_values" request parameter.

Best Regards,
Taka


On Tue, 25 Jun 2019 at 1:13, Justin Richer <jricher@mit.edu> wrote:

> Taka,
>
> My reading is that the device flow, like other OAuth flows, does not
> prohibit extension, including passing back identity assertions like the ID
> Token. Since it inherits the token response from core OAuth 2, the ID Token
> could be issued alongside the access token just like in the authorization
> code flow. The user is present and interacting at the AS in both cases. In
> fact, I’d say that there are enough similarities between the two that for
> the most part it should “just work” and fit the assumptions of most
> clients. That said, it’s technically true that there is no defined profile
> for the combination of the device flow and OIDC, but if something like that
> were to be written it would be a better fit for the OpenID Foundation.
>
> — Justin
>
> On Jun 20, 2019, at 6:32 PM, Takahiko Kawasaki <taka@authlete.com> wrote:
>
> Hello,
>
> Do you have any plan to update the specification of Device Flow to support
> issuance of ID tokens?
>
> OAuth 2.0 Device Authorization Grant
>
> https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/?include_text=1
>
> Best Regards,
> Takahiko Kawasaki
>