[OAUTH-WG] Question on REQUIRED metadata in https://tools.ietf.org/html/draft-ietf-oauth-discovery-07

Dick Hardt <dick.hardt@gmail.com> Tue, 14 November 2017 09:02 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Tue, 14 Nov 2017 17:02:15 +0800
Message-ID: <CAD9ie-shUhkwf4zkmku9JdbQ7uzxWxcZXwe-mfD+evcvw-VBbA@mail.gmail.com>
To: oauth@ietf.org, Mike Jones <mbj@microsoft.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/IJjszbzjKPPoAetyhdZiiY6fW0c>

I was reviewing https://tools.ietf.org/html/draft-ietf-oauth-discovery-07
and noticed that in
https://tools.ietf.org/html/draft-ietf-oauth-discovery-07#section-2
authorization_endpoint is REQUIRED.

I am working on deployments that are two-legged OAuth where there is no
authorization_endpoint, but having a discovery document would be super useful.

Additionally, in
https://tools.ietf.org/html/draft-hardt-oauth-distributed-00, discovery
would be useful, but an authorization_endpoint may not be needed in the
authorization server, as it is a two-legged OAuth flow (i.e., there is no
user granting permission; the client is requesting an access token to use
at resources).

Is there a reason why authorization_endpoint is REQUIRED?

/Dick
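
An added example, not part of the original message or of the draft: a client-side check of a discovery document's authorization_endpoint under the unconditional rule the message quotes, next to a conditional rule keyed on grant_types_supported. The conditional rule, the assumed default grant list, the function name and the sample documents are assumptions of this example.

```python
# Added example: the metadata documents below are constructed, not real deployments.

# Grant types whose flow sends the user through the authorization endpoint.
AUTHZ_ENDPOINT_GRANTS = {"authorization_code", "implicit"}
# Assumption: grants implied when grant_types_supported is omitted.
DEFAULT_GRANTS = ["authorization_code", "implicit"]


def missing_authorization_endpoint(metadata, conditional=False):
    """Return a reason string if authorization_endpoint is absent but required.

    conditional=False: unconditional rule (always REQUIRED).
    conditional=True:  hypothetical rule, required only when an advertised
                       grant type uses the authorization endpoint.
    Returns None when the document passes the chosen rule.
    """
    if metadata.get("authorization_endpoint"):
        return None
    if not conditional:
        return "authorization_endpoint is REQUIRED"
    grants = metadata.get("grant_types_supported", DEFAULT_GRANTS)
    needing = sorted(AUTHZ_ENDPOINT_GRANTS.intersection(grants))
    if needing:
        # Fail closed: the server advertises a user-facing grant but no endpoint.
        return "authorization_endpoint needed for: " + ", ".join(needing)
    return None


# Constructed two-legged document: client_credentials only, no user consent step.
TWO_LEGGED = {
    "issuer": "https://as.example.com",
    "token_endpoint": "https://as.example.com/token",
    "grant_types_supported": ["client_credentials"],
}
# Constructed document that also advertises a user-facing grant.
MIXED = dict(TWO_LEGGED,
             grant_types_supported=["authorization_code", "client_credentials"])

if __name__ == "__main__":
    for name, doc in (("two-legged", TWO_LEGGED), ("mixed", MIXED)):
        for conditional in (False, True):
            rule = "conditional" if conditional else "unconditional"
            print(name, rule, "->", missing_authorization_endpoint(doc, conditional))
```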