Re: [OAUTH-WG] OAuth Device Flow

William Denniss <wdenniss@google.com> Thu, 05 November 2015 02:26 UTC

In-Reply-To: <563AA676.4060106@gmx.net>
References: <563AA676.4060106@gmx.net>
From: William Denniss <wdenniss@google.com>
Date: Thu, 05 Nov 2015 11:26:23 +0900
Message-ID: <CAAP42hAV-LkvF7LePwy0RiOp-Sm6yHc1TqxG3WdCKgzrMWU+-Q@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/LBSDYf6cO1yf18gEUOseQ4drKhM>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Device Flow

Google has additional documentation here:
https://developers.google.com/identity/protocols/OAuth2ForDevices

The implementation mostly follows the original draft, but there are a few
differences. Also we've learnt a lot about the security and usability
implications of this flow along the way, which would be good to document.

On Thu, Nov 5, 2015 at 9:44 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> FYI: A couple of us got together and re-published an old, expired draft
> about the OAuth Device Flow.
>
> Here is the document:
> https://tools.ietf.org/html/draft-denniss-oauth-device-flow-00
>
> For the -00 version we tried to keep it in line with what has been
> available with draft-recordon-oauth-v2-device-00. In upcoming versions
> of this document we would like to capture existing deployment.
>
> Here are two deployment examples that are reasonably well described:
>
> - Google
> https://developers.google.com/youtube/v3/guides/auth/devices
>
> - Facebook
> https://developers.facebook.com/docs/facebook-login/for-devices
>
> Ciao
> Hannes
>