Re: [OAUTH-WG] Securing APIs with OAuth 2.0

Antonio Sanso <asanso@adobe.com> Thu, 01 March 2012 12:42 UTC

Return-Path: <asanso@adobe.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95BA321F8691 for <oauth@ietfa.amsl.com>; Thu, 1 Mar 2012 04:42:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.669
X-Spam-Level:
X-Spam-Status: No, score=-105.669 tagged_above=-999 required=5 tests=[AWL=0.930, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9Y+zQ7bJfag for <oauth@ietfa.amsl.com>; Thu, 1 Mar 2012 04:42:09 -0800 (PST)
Received: from exprod6og105.obsmtp.com (exprod6og105.obsmtp.com [64.18.1.189]) by ietfa.amsl.com (Postfix) with ESMTP id D6C2821F8686 for <oauth@ietf.org>; Thu, 1 Mar 2012 04:42:06 -0800 (PST)
Received: from outbound-smtp-2.corp.adobe.com ([193.104.215.16]) by exprod6ob105.postini.com ([64.18.5.12]) with SMTP ID DSNKT09unQm6oIiwl/wsdXA5CmXYGqVVjOX3@postini.com; Thu, 01 Mar 2012 04:42:07 PST
Received: from inner-relay-4.eur.adobe.com (inner-relay-4b [10.128.4.237]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q21Cg4N3023881; Thu, 1 Mar 2012 04:42:04 -0800 (PST)
Received: from nahub02.corp.adobe.com (nahub02.corp.adobe.com [10.8.189.98]) by inner-relay-4.eur.adobe.com (8.12.10/8.12.9) with ESMTP id q21Cg3Pl007932; Thu, 1 Mar 2012 04:42:04 -0800 (PST)
Received: from eurhub01.eur.adobe.com (10.128.4.30) by nahub02.corp.adobe.com (10.8.189.98) with Microsoft SMTP Server (TLS) id 8.3.192.1; Thu, 1 Mar 2012 04:42:03 -0800
Received: from eurmbx01.eur.adobe.com ([10.128.4.32]) by eurhub01.eur.adobe.com ([10.128.4.30]) with mapi; Thu, 1 Mar 2012 12:42:01 +0000
From: Antonio Sanso <asanso@adobe.com>
To: Pete Clark <pete@appmuscle.com>
Date: Thu, 1 Mar 2012 12:41:59 +0000
Thread-Topic: [OAUTH-WG] Securing APIs with OAuth 2.0
Thread-Index: Acz3qLJzG3trYP/ERxqdPfVJmkQZbA==
Message-ID: <AF8FE11A-686C-4AF2-94E2-2DBFD284D75A@adobe.com>
References: <B691F720-809F-4A9E-8C8E-6BF98EE68F07@appmuscle.com>
In-Reply-To: <B691F720-809F-4A9E-8C8E-6BF98EE68F07@appmuscle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Securing APIs with OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2012 12:42:09 -0000

Hi Pete

On Mar 1, 2012, at 3:44 AM, Pete Clark wrote:

> 2) Point me to an implementation of this flow (in any language) that I could use or port to PHP?  I've found some libraries for php but can't really tell, being new, if they offer the "client credentials" flow

In Apache Amber (OAuth protocol implementation in Java) [0] you might find something you can reuse.

Regards

Antonio

[0] http://incubator.apache.org/amber/