Re: [OAUTH-WG] A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework

Prabath Siriwardena <prabath@wso2.com> Wed, 09 January 2013 06:47 UTC

Date: Wed, 09 Jan 2013 12:17:19 +0530
Message-ID: <CAJV9qO_A-_5CbfREFBxXr1efaAG5hVdbOR03BNgWY=iBM11fFg@mail.gmail.com>
From: Prabath Siriwardena <prabath@wso2.com>
To: Peng Zhou <zpbrent@gmail.com>
Cc: oauth@ietf.org

On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <zpbrent@gmail.com> wrote:

> Dear Prabath:
>
> Thank you very much for your responses :-)
>
> However, I am still not quite sure why the authorization code must be
> sent to the client through the RO's user-agent.
>

One reason I see is that bringing the authorization code via the User Agent
links the user request to the authorization code. If the AS directly sends the
code to the Resource Server, the mapping between the user request and the code
is broken.

Thanks & regards,
-Prabath



>
> Best Regards
> Brent
>
> 2013/1/9 Prabath Siriwardena <prabath@wso2.com>:
> > Prabath
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
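As an added illustration of the mapping Prabath describes (example code, not part of his message or of RFC 6749): the client ties its authorization request to the browser session that made it, and because the code comes back through that same user-agent, the client can check that binding before it exchanges the code. The session cookies, user names and the `client_id` value are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class ClientSession:
    """Server-side session for one browser, keyed by the cookie the user-agent carries."""
    user: str
    pending_state: Optional[str] = None

class Client:
    """Minimal OAuth 2.0 client that keeps one session per user-agent (constructed example)."""
    def __init__(self) -> None:
        self.sessions: Dict[str, ClientSession] = {}  # cookie value -> session

    def start_login(self, cookie: str, user: str) -> dict:
        # Step (A) of RFC 6749 1.3.1: redirect the user-agent to the AS. The random
        # state is stored in *this* browser's session so the response can be tied to it.
        state = secrets.token_urlsafe(16)
        self.sessions[cookie] = ClientSession(user=user, pending_state=state)
        return {"response_type": "code", "client_id": "example-client", "state": state}

    def handle_redirect(self, cookie: str, code: str, state: str) -> str:
        # Step (C): the AS sent the code back via the user-agent, which presents its
        # cookie. That cookie is what maps the code to the request that asked for it.
        session = self.sessions.get(cookie)
        if session is None or session.pending_state is None:
            raise PermissionError("no pending authorization request for this user-agent")
        if not secrets.compare_digest(session.pending_state, state):
            raise PermissionError("state mismatch: code is not bound to this request")
        session.pending_state = None  # one-shot: a second redirect with the same state fails
        # The client may now exchange `code` at the token endpoint on behalf of session.user.
        return session.user

def authorization_server_redirect(request: dict) -> dict:
    """Stand-in for the AS: after authenticating the RO (assumed to have happened),
    it issues a code and redirects the user-agent back with the client's state echoed."""
    return {"code": secrets.token_urlsafe(24), "state": request["state"]}

def demo() -> str:
    """Happy path: the code returns through the same browser and maps back to alice."""
    client = Client()
    request = client.start_login("cookie-alice", "alice")
    response = authorization_server_redirect(request)
    return client.handle_redirect("cookie-alice", response["code"], response["state"])

if __name__ == "__main__":
    print(demo())  # alice
```

A code that arrives without the originating browser's session, or with a state that does not match it, is rejected, which is exactly the "mapping between the user request and the code" that a direct AS-to-client delivery would lack.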