Re: [OAUTH-WG] treatment of client_id for authentication and identification

Brian Campbell <bcampbell@pingidentity.com> Tue, 26 July 2011 17:16 UTC

To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: oauth <oauth@ietf.org>

I'm probably somewhat biased by having read previous versions of the
spec, previous WG list discussions, and my current AS implementation
(which expects client_id) but this seems like a fairly big departure
from what was in -16. I'm okay with the change but feel it's worth
mentioning that it's likely an incompatible one.

That aside, I feel like it could use some more explanation in
draft-ietf-oauth-v2 because, at least to me and hence my question, it
wasn't entirely clear how client_id should be used for those cases.

On Mon, Jul 25, 2011 at 4:18 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>
> The client_id is currently only defined for password authentication on the token endpoint. If you are using Basic or any other form of authentication (or no authentication at all), you are not going to use the client_id parameter.