[OAUTH-WG] FW: WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

Mike Jones <Michael.Jones@microsoft.com> Thu, 30 November 2017 19:42 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 30 Nov 2017 19:42:49 +0000
Message-ID: <CY4PR21MB05040F473126D3B22D48104BF5380@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <CAGL6epLJHUn+4E1jksJW=Zpu=DE84uQgARhHyPH3H8yAAkijOg@mail.gmail.com>, <CY4PR21MB0504AC11FCD417D24D345E2BF53B0@CY4PR21MB0504.namprd21.prod.outlook.com> <MWHPR03MB2958316EEA5A105A08A31A9BA03B0@MWHPR03MB2958.namprd03.prod.outlook.com> <CY1PR00MB01392D7BE42E801D682AB3C7BD3B0@CY1PR00MB0139.namprd00.prod.outlook.com>
In-Reply-To: <CY1PR00MB01392D7BE42E801D682AB3C7BD3B0@CY1PR00MB0139.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LsmzkqW_Mn45nodiRPqx4tg139k>
Subject: [OAUTH-WG] FW: WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

WGLC feedback from a Microsoft engineer using the device flow...

From: ...
Sent: Wednesday, November 29, 2017 9:16 AM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: ...
Subject: RE: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

Hi Mike,

I got some comments around the user_code and its expiration which are not clear in the specs.

The user_code is not a one-time use, right? It seems to me that the user should be able to use the code more than once until the authorization is completed. Once the authorization is successful, then the user_code should not be valid anymore.

The spec isn't clear about what happens if the user_code expires while the client is going through the authorization flow. Again, in my mind, the user_code is valid until the authorization is successful, and if it expires any time before that, then we should not continue with the authorization and tell the user that the user_code has expired. And if the user finished authorization and the user_code expires BEFORE the token is redeemed, then the 'expired_token' response should be sent back from the token endpoint.

Thanks,
...
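As an added example (not part of this thread or of the draft), a small Python model of the user_code lifetime semantics the forwarded message describes: the user_code stays usable until authorization completes, expiry before completion stops the flow with a message to the user, and an authorized grant whose codes expired before the token was redeemed gets expired_token from the token endpoint. Class and method names, the default lifetime and the explicit `now` clock argument are constructed assumptions; `expired_token` and `authorization_pending` are the device flow draft's token-endpoint error codes and `invalid_grant` is the RFC 6749 error for an unknown grant.

```python
from dataclasses import dataclass
import secrets

@dataclass
class DeviceGrant:
    device_code: str
    user_code: str
    expires_at: float          # absolute time at which both codes stop being usable
    authorized: bool = False   # set once the user completes authorization

class DeviceFlowServer:
    # Constructed model of an authorization server's device-flow bookkeeping.
    def __init__(self, lifetime=600.0):
        self.lifetime = lifetime           # expires_in for the code pair (assumed)
        self.by_device, self.by_user = {}, {}

    def authorize_device(self, now):
        # Device authorization endpoint: mint a device_code / user_code pair.
        g = DeviceGrant(secrets.token_urlsafe(32), secrets.token_hex(4).upper(), now + self.lifetime)
        self.by_device[g.device_code] = g
        self.by_user[g.user_code] = g
        return g

    def user_enters_code(self, user_code, now):
        # Verification URI: a user_code is reusable until authorization completes or it expires.
        g = self.by_user.get(user_code)
        if g is None:
            return "invalid_user_code"
        if now >= g.expires_at:
            return "user_code_expired"     # stop the flow and tell the user
        if g.authorized:
            return "already_used"          # successful authorization spends the code
        return "prompt_for_consent"

    def user_approves(self, user_code, now):
        outcome = self.user_enters_code(user_code, now)
        if outcome != "prompt_for_consent":
            return outcome
        self.by_user[user_code].authorized = True
        return "authorized"

    def token_request(self, device_code, now):
        # Token endpoint polled by the device; on success the grant is consumed.
        g = self.by_device.get(device_code)
        if g is None:
            return {"error": "invalid_grant"}
        if now >= g.expires_at:            # also when authorized but never redeemed
            return {"error": "expired_token"}
        if not g.authorized:
            return {"error": "authorization_pending"}
        del self.by_device[device_code], self.by_user[g.user_code]
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```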

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Rifaat Shekh-Yusef
Sent: Monday, November 27, 2017 5:55 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

All,

As discussed in Singapore, we are starting a WGLC for the draft-ietf-oauth-device-flow-07 document, starting today and ending on December 11, 2017.
https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/

Please review the document and provide feedback on the list.

Regards,
Rifaat & Hannes