[OAUTH-WG] FW: WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
Mike Jones <Michael.Jones@microsoft.com> Thu, 30 November 2017 19:42 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LsmzkqW_Mn45nodiRPqx4tg139k>
WGLC feedback from a Microsoft engineer using the device flow...

From: ...
Sent: Wednesday, November 29, 2017 9:16 AM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: ...
Subject: RE: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

Hi Mike,

I got some comments around the user_code and its expiration which are not clear in the specs.

The user_code is not a one time use right? It seems to me that the user should be able to use the code more than once until the authorization is completed. Once the authorization is successful then the user_code should not be valid anymore.

The spec isn't clear about what if the user_code expires while the client is going through the authorization flow? Again, in my mind, the user_code is valid until the authorization is successful and if it expires any time before that then we should not continue with the authorization and tell the user that the user_code has expired.

And if the user finished authorization and the user_code expires BEFORE the token is redeemed, then the 'expired_token' response should be sent back from the token endpoint.

Thanks,
...

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Rifaat Shekh-Yusef
Sent: Monday, November 27, 2017 5:55 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

All,

As discussed in Singapore, we are starting a WGLC for the draft-ietf-oauth-device-flow-07 document, starting today and ending on December 11, 2017.

https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/

Please, review the document and provide feedback on the list.

Regards,
Rifaat & Hannes
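
The user_code lifetime rules proposed in the forwarded message above, modelled as a small authorization-server state machine. This is an added example, not part of the original e-mail or of the draft. The class and method names and the user-facing statuses `invalid_user_code` and `user_code_expired` are hypothetical; `authorization_pending`, `expired_token` and `invalid_grant` are the OAuth error codes, and the 8-character user_code format is constructed for the example.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class Grant:
    device_code: str
    user_code: str
    expires_at: float
    approved: bool = False
    redeemed: bool = False

class DeviceFlowServer:  # toy model; names and user-facing statuses are hypothetical
    def __init__(self, lifetime=600, clock=time.time):
        self.lifetime, self.clock = lifetime, clock
        self.by_user_code, self.by_device_code = {}, {}

    def start(self):
        g = Grant(secrets.token_urlsafe(32), secrets.token_hex(4).upper(), self.clock() + self.lifetime)
        self.by_user_code[g.user_code] = self.by_device_code[g.device_code] = g
        return g

    def check_user_code(self, user_code):
        # Reusable: entering the code does not consume it; only approval or expiry ends it.
        g = self.by_user_code.get(user_code)
        if g is None:
            return None, "invalid_user_code"
        if self.clock() >= g.expires_at:
            return None, "user_code_expired"
        return g, "ok"

    def approve(self, user_code):
        g, status = self.check_user_code(user_code)
        if g is None:
            return status  # expired mid-flow: stop and tell the user
        g.approved = True
        del self.by_user_code[user_code]  # invalid once authorization succeeds
        return "approved"

    def token(self, device_code):
        g = self.by_device_code.get(device_code)
        if g is None or g.redeemed:
            return {"error": "invalid_grant"}
        if self.clock() >= g.expires_at:
            return {"error": "expired_token"}  # even if already approved
        if not g.approved:
            return {"error": "authorization_pending"}
        g.redeemed = True
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```

Passing a controllable `clock` callable lets each of the expiry cases be exercised deterministically.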