Re: [OAUTH-WG] polling in the device flow
David Recordon <recordond@gmail.com> Wed, 09 June 2010 18:04 UTC
Return-Path: <recordond@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8CF473A67B4 for <oauth@core3.amsl.com>; Wed, 9 Jun 2010 11:04:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.617
X-Spam-Level:
X-Spam-Status: No, score=-0.617 tagged_above=-999 required=5 tests=[AWL=0.494, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BkaStYDWNZKa for <oauth@core3.amsl.com>; Wed, 9 Jun 2010 11:04:36 -0700 (PDT)
Received: from mail-yw0-f179.google.com (mail-yw0-f179.google.com [209.85.211.179]) by core3.amsl.com (Postfix) with ESMTP id B7AA03A6767 for <oauth@ietf.org>; Wed, 9 Jun 2010 11:04:32 -0700 (PDT)
Received: by ywh9 with SMTP id 9so6473655ywh.17 for <oauth@ietf.org>; Wed, 09 Jun 2010 11:04:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=j5ekKXnOFk+O6z6T/61qXJF9+mB/x1ZP/BSXfVK/OTk=; b=LPez9l82UVGTyhaurg0ZgHbNBSzr35CH72rPyGrGazoZtK0DO7tR7eIm7N5amVdJh7 8gLVITU4P/N+EZ3/4Pv87fC/OCxuI4yfhBR02y9AFJxZLs0jaqdNo3yEmKAIgrCL7FSX S3krTvRx8FE78AaM1Rcs/qV9oUuXMnEeitTLg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=Noidl2JmuMghrwHs6yMbItQoLkem7NtQ9erV7Kc4U32ZJkmaPqsGOhR6JpHZyt+lw0 WY4hIjGzv0Bc1XjKD/yulp9KXfqYkrk9QFuFk2NAluQfJss8L8BNZPlSorwje/KBsnB1 cGsc6CksR3Iqx4pB1bRIjYgIEqbg4Ek8GALyQ=
MIME-Version: 1.0
Received: by 10.150.207.16 with SMTP id e16mr72017ybg.342.1276106293679; Wed, 09 Jun 2010 10:58:13 -0700 (PDT)
Received: by 10.231.192.4 with HTTP; Wed, 9 Jun 2010 10:58:13 -0700 (PDT)
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E11263F7B9FB@WSMSG3153V.srv.dir.telstra.com>
References: <AANLkTimOXzscoFDtf-PO8965xuchEBJvqALiWM3O9fMl@mail.gmail.com> <4C0F3FFF.2050209@lodderstedt.net> <255B9BB34FB7D647A506DC292726F6E11263F7B9FB@WSMSG3153V.srv.dir.telstra.com>
Date: Wed, 09 Jun 2010 10:58:13 -0700
Message-ID: <AANLkTim5tJMXK4mcb7SrxK4ZR6FQqRKpZqRmxZ9QOpY9@mail.gmail.com>
From: David Recordon <recordond@gmail.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, Dirk Balfanz <balfanz@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] polling in the device flow
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jun 2010 18:04:40 -0000
Unless I'm misreading the Timeouts spec, it defines a HTTP request header which the client uses to tell the server how long it will wait. That's a different problem from the server telling the client to back off it's request rate. A 503 with a Retry-After header seems reasonable. We should specify this interaction given that 503 headers will be new to many developers. --David On Wed, Jun 9, 2010 at 12:29 AM, Manger, James H <James.H.Manger@team.telstra.com> wrote: > Right on cue a new internet-draft covering the HTTP polling issue has just > appeared: > > > > Hypertext Transfer Protocol (HTTP) Timeouts > > draft-loreto-http-timeout [June 2010] > > > > See also: > > Best Practices for the Use of Long Polling and Streaming in Bidirectional > HTTP > > draft-loreto-http-bidirectional [Feb 2010] > > > > -- > > James Manger > > > > Am 08.06.2010 22:23, schrieb Dirk Balfanz: > > Hi guys, > > currently, we specify how polling should work in the device flow as part of > the OAuth2 spec. > > I would argue that that polling should be handled at a lower layer of the > stack, and that OAuth2 should be silent on the issue of polling. The benefit > will be a simpler spec. > > HTTP specifies the 503 response code with the (optional) Retry-After > response header. ASs could just use that mechanism to throttle clients, > instead of handling it at the OAuth layer. > > The OAuth spec could say something like: "The client requests the access > token after the user approves or rejects authorization. If the client cannot > determine when the user has approved or rejected the authorization, the > client MAY poll the server. The server MAY use throttling mechanisms such as > 503 HTTP response codes and Retry-After response headers which, if used, the > client MUST obey." > > What do you guys think? > > BTW, there is some precedence for this. Google's APIs use 503 response codes > to throttle servers, e.g. > http://code.google.com/googleapps/domain/gdata_provisioning_api_v2.0_reference.html > > Dirk. > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
- [OAUTH-WG] polling in the device flow Dirk Balfanz
- Re: [OAUTH-WG] polling in the device flow Torsten Lodderstedt
- Re: [OAUTH-WG] polling in the device flow Manger, James H
- Re: [OAUTH-WG] polling in the device flow Torsten Lodderstedt
- Re: [OAUTH-WG] polling in the device flow Manger, James H
- Re: [OAUTH-WG] polling in the device flow David Recordon
- Re: [OAUTH-WG] polling in the device flow Dirk Balfanz
- Re: [OAUTH-WG] polling in the device flow Dirk Balfanz
- Re: [OAUTH-WG] polling in the device flow David Recordon