[OAUTH-WG] A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework

cspzhouroc <cspzhouroc@comp.polyu.edu.hk> Wed, 09 January 2013 01:26 UTC

Date: Wed, 09 Jan 2013 09:26:29 +0800
From: cspzhouroc <cspzhouroc@comp.polyu.edu.hk>
To: oauth@ietf.org
Message-ID: <190fcb42a851f2dfe73b2614b7880046@comp.polyu.edu.hk>
Subject: [OAUTH-WG] A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework
List-Id: OAUTH WG <oauth.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>

Dear All:

I have a question about section 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework.

It says: "which in turn directs the resource owner back to the client with the authorization code."

Can anyone tell me why the authorization code is sent to the client through a redirection in the resource owner's user-agent? Are there any security implications?

Is it possible to let the authorization server send the authorization code to the client directly (not through the resource owner's user-agent)?

Best Regards
Brent
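The flow the post asks about, as an added example that is not part of the mailing-list message or of RFC 6749's own text. It simulates both parties of the authorization code grant (RFC 6749 section 4.1): the authorization server issues the code on the front channel, i.e. through the user-agent it has a session with, because that session is the only place where it knows which resource owner just consented; the client then redeems the code on the back channel at the token endpoint, where it authenticates with its secret (section 4.1.3). The checks that limit what a code seen in the redirect is worth come from the RFC (section 4.1.2: bound to client_id and redirect_uri, short-lived, single use, replay revokes the earlier token; section 10.12: `state` against CSRF on the redirect). The client registration (`client-app`, `s3cret`), the hostnames and the user name `alice` are constructed sample data.

```python
"""Simulation of the OAuth 2.0 authorization code grant (RFC 6749 section 4.1).
Added example, not code from the post or the RFC; all identifiers are constructed."""
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

CODE_LIFETIME_SECONDS = 600  # section 4.1.2 recommends a maximum lifetime of 10 minutes


class AuthorizationServer:
    """Issues codes on the front channel (via the user-agent), tokens on the back channel."""

    def __init__(self, clients):
        self.clients = clients   # client_id -> (client_secret, registered redirect_uri); sample data
        self.codes = {}          # code -> issuance record
        self.revoked = set()     # access tokens revoked after a code replay (section 4.1.2)

    def authorize(self, query, logged_in_user):
        """Authorization endpoint. `logged_in_user` stands for the resource owner that the AS
        authenticated in its own session with the user-agent. Returns the redirect URL."""
        client_id, redirect_uri = query.get("client_id"), query.get("redirect_uri")
        registered = self.clients.get(client_id)
        if query.get("response_type") != "code" or registered is None or registered[1] != redirect_uri:
            raise ValueError("invalid_request: unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": logged_in_user, "issued": time.time(), "token": None}
        params = {"code": code}
        if "state" in query:
            params["state"] = query["state"]  # echoed unchanged so the client can match its request
        return redirect_uri + "?" + urlencode(params)

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Token endpoint. Reached by the client directly, never through the user-agent."""
        now = time.time() if now is None else now
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(registered[0], client_secret):
            raise PermissionError("invalid_client")
        entry = self.codes.get(code)
        if entry is None:
            raise PermissionError("invalid_grant")
        if entry["token"] is not None:
            self.revoked.add(entry["token"])  # replay: refuse and revoke what the code already bought
            raise PermissionError("invalid_grant: code already used")
        if entry["client_id"] != client_id or entry["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant: code bound to another client or redirect_uri")
        if now - entry["issued"] > CODE_LIFETIME_SECONDS:
            raise PermissionError("invalid_grant: code expired")
        entry["token"] = secrets.token_urlsafe(32)
        return {"access_token": entry["token"], "token_type": "bearer", "user": entry["user"]}


class Client:
    """Confidential client: the secret lives on its server, never in the user-agent."""

    def __init__(self, client_id, client_secret, redirect_uri, auth_endpoint):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.auth_endpoint = redirect_uri, auth_endpoint
        self.pending = set()  # `state` values of authorization requests this client started

    def start(self):
        """Builds the URL the user-agent is redirected to (section 4.1.1)."""
        state = secrets.token_urlsafe(16)
        self.pending.add(state)
        return self.auth_endpoint + "?" + urlencode({"response_type": "code", "client_id": self.client_id,
                                                       "redirect_uri": self.redirect_uri, "state": state})

    def callback(self, url, auth_server):
        """Handles the user-agent arriving at redirect_uri with ?code=...&state=... (section 4.1.2)."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if q.get("state") not in self.pending:
            raise PermissionError("state mismatch: redirect was not initiated by this client")
        self.pending.discard(q["state"])
        return auth_server.token(self.client_id, self.client_secret, q["code"], self.redirect_uri)


def _rejected(fn):
    try:
        fn()
    except PermissionError:
        return True
    return False


def run_flow():
    """Runs the grant once, then probes the checks. Returns the outcomes as a dict."""
    auth_server = AuthorizationServer({"client-app": ("s3cret", "https://client.example/cb")})
    client = Client("client-app", "s3cret", "https://client.example/cb", "https://as.example/authorize")
    auth_url = client.start()                                    # 1. client redirects user-agent to AS
    request = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    callback_url = auth_server.authorize(request, "alice")       # 2. AS authenticates owner, redirects back
    code = parse_qs(urlparse(callback_url).query)["code"][0]     #    (the code is visible in this URL)
    token = client.callback(callback_url, auth_server)           # 3. client redeems code on back channel
    good = dict(client_id="client-app", client_secret="s3cret", code=code, redirect_uri="https://client.example/cb")
    return {
        "user": token["user"],
        # someone who observed the code in the redirect but lacks the client secret
        "no_secret_rejected": _rejected(lambda: auth_server.token(**{**good, "client_secret": "guess"})),
        "replay_rejected": _rejected(lambda: auth_server.token(**good)),
        "first_token_revoked": token["access_token"] in auth_server.revoked,
        # an unsolicited redirect (CSRF) is refused before any code reaches the token endpoint
        "forged_redirect_rejected": _rejected(
            lambda: client.callback("https://client.example/cb?code=x&state=forged", auth_server)),
    }
```

Run `run_flow()` to see the outcome dict; every probe reports `True` and `user` is `alice`. Note that `callback` takes the `auth_server` object in place of an HTTPS POST to the token endpoint, which is the only simplification relative to the wire protocol; the point it preserves is that the code by itself, without the client secret and the matching `redirect_uri`, buys nothing, and that a second presentation of it revokes the first token.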