Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re: Discussion needed on username and password ABNF definitions
George Fletcher <gffletch@aol.com> Fri, 15 June 2012 15:48 UTC
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A25C021F8646 for <oauth@ietfa.amsl.com>; Fri, 15 Jun 2012 08:48:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.669
X-Spam-Level:
X-Spam-Status: No, score=-1.669 tagged_above=-999 required=5 tests=[AWL=0.929, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Vrhb9i8Ou3A for <oauth@ietfa.amsl.com>; Fri, 15 Jun 2012 08:48:37 -0700 (PDT)
Received: from imr-db01.mx.aol.com (imr-db01.mx.aol.com [205.188.91.95]) by ietfa.amsl.com (Postfix) with ESMTP id E20B021F8628 for <oauth@ietf.org>; Fri, 15 Jun 2012 08:48:36 -0700 (PDT)
Received: from mtaout-mb02.r1000.mx.aol.com (mtaout-mb02.r1000.mx.aol.com [172.29.41.66]) by imr-db01.mx.aol.com (8.14.1/8.14.1) with ESMTP id q5FFmBaK007740; Fri, 15 Jun 2012 11:48:11 -0400
Received: from palantir.office.aol.com (palantir.office.aol.com [10.181.186.254]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-mb02.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 92ACCE0000B4; Fri, 15 Jun 2012 11:48:11 -0400 (EDT)
Message-ID: <4FDB593B.4080508@aol.com>
Date: Fri, 15 Jun 2012 11:48:11 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: oauth@ietf.org
References: <9dbeab60-8fe4-4828-9c52-d7af95378f4c@email.android.com> <0ec59f35-4a66-4719-adf3-114dab0d1d48@email.android.com> <40240328-0247-4278-BB7B-BE89AE130076@ve7jtb.com> <a55ad34e52e0f9755e548106d27c4b8c@treenet.co.nz>
In-Reply-To: <a55ad34e52e0f9755e548106d27c4b8c@treenet.co.nz>
Content-Type: multipart/alternative; boundary="------------040404010208080909040708"
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20110426; t=1339775291; bh=ZPUc35IuGPaAfJcmRWNUZ5Awx/Hp+qj3zNUNKzytbws=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=G1n6u5seVaQdshQ/w/y58IOzDNXzunjKlZQcaNCtXkfGpJ5XdmAZNxtvSpvfuBMTI To/LCvwej37qtna1dE2QzPdRf8kq6oddWGTa91nwCgg0L+M3+aCSaBVuAjHUJm3ey4 lgGDEcICr1CH4kDD5L7JH3427y4glF8OHySUne0w=
X-AOL-SCOLL-SCORE: 0:2:462005280:93952408
X-AOL-SCOLL-URL_COUNT: 0
x-aol-sid: 3039ac1d29424fdb593b092b
X-AOL-IP: 10.181.186.254
Subject: Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re: Discussion needed on username and password ABNF definitions
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2012 15:48:37 -0000
+1 for a simple encoding and allowing ':' in the client_id On 6/13/12 6:53 PM, Amos Jeffries wrote: > On 14.06.2012 06:40, John Bradley wrote: >> That would probably work as well. That is why I am not particularly >> concerned about excluding the : >> >> We originally used the URI itself, mostly for convenience of >> debugging, but there are other potential options. >> >> The authorization server needs to compare the client_id and the >> redirect uri. But it could compare the hash with not much more work. >> Also a sha256 hash is probably longer than the uri it is hashing. >> >> I am not super concerned with being able to have : in the client_id >> >> John B. >> > > > If I'm following all these threads correctly the only explicit problem > with URI in client_id is HTTP username field being : terminated. > As such it does not have to be a hash per-se, just an encoding that > removes ":" and other reserved characters from the on-wire form *when > sent via HTTP*. > > AYJ > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Torsten Lodderstedt
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… John Bradley
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… William Mills
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Torsten Lodderstedt
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… John Bradley
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Mike Jones
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Amos Jeffries
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Jianhua Shao
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… William Mills
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Eran Hammer
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Torsten Lodderstedt
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Justin Richer
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… George Fletcher
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Mike Jones
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Brian Campbell
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Eran Hammer
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Mike Jones
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Mike Jones
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… William Mills
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Justin Richer
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Justin Richer
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Mike Jones
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Justin Richer