IETF Logo Mail Archive

Re: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

William Denniss <wdenniss@google.com> Thu, 14 December 2017 22:43 UTC

Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91FA912741D for <oauth@ietfa.amsl.com>; Thu, 14 Dec 2017 14:43:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X0F63yUf8g-q for <oauth@ietfa.amsl.com>; Thu, 14 Dec 2017 14:43:52 -0800 (PST)
Received: from mail-yb0-x233.google.com (mail-yb0-x233.google.com [IPv6:2607:f8b0:4002:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 244E21242F5 for <oauth@ietf.org>; Thu, 14 Dec 2017 14:43:52 -0800 (PST)
Received: by mail-yb0-x233.google.com with SMTP id x83so4742314ybg.8 for <oauth@ietf.org>; Thu, 14 Dec 2017 14:43:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=whyBPXHwAtntF8XWgPa3oCMchkYNrYaYGyFDhiGqoA0=; b=rZVX8jqU927swPMSq+ZRGWWHds0prddKwPL3reMbhp2K4ksYIC0nChkHWWlzcNDrlo lk4Fi4EpdTewNFEULV7B1/6uJc1VGSEPJNRi/ZA94emPHLVviOjYq4IdQ4wtGKigDg5H 2FuaeGPlQ+LGcLjZwHiXl/YB5qX0/vs7zCdUNP1X/XVBJemynCrTXQsPkKIpytF34SxY wVKg2SgcXxa8Xg3vcnq5uheE7+oemGyBoYrXm2pfvpxLSf0HOG0IC0823ruBRzwtDSeR a2v5+uviaSyOCG4goUTzizDweD6QOp/FEOqpGe8nGCuuoEIqQA89i1Gjl+BWWbX9zqqk pWcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=whyBPXHwAtntF8XWgPa3oCMchkYNrYaYGyFDhiGqoA0=; b=stEaeL0YlKTz6q7G8bnf4Cj/ch0xcTmdvSMOU2yBOut6lVg2LkHwGrx0lUW4BI5ihq XEvkZhXi5ufHRkOnu4vlJ4YkP27WskV2WvBkb3Krx4UxdIWRYYLuSbeHq52IUFpbpC0W v0TvYQJ/aikXOED11PfBQvSWfiETSBvXMkiQ5DpUxWNYk3xeBd9ZtzzwALN2K1F45CWw ZSRkjKnvIWbeM0FBhX8tNsfeAgzsVzuQIscrFRhGkpBeZwbSOJ7SO+j6WZYEvQqTSnE+ Lz8hf0Lrs/Cb5Z8a0n2z1efe8tEiX1MNbu3KyqIjSgzbeSQjeVCKjgzIF1MlzfURs3wM arwA==
X-Gm-Message-State: AKGB3mK6EW5azRTXbAssY7XIxXfGRbDSX/uIU08Np7WRfArpg/hahPLN FKUbs2G4UIkgufSLtDm7n+vAw6mMobf0naCtH+nVrQcS
X-Google-Smtp-Source: ACJfBouLAPcpTJYKzI8EB06aMRYed6ORwZuZm0KKu5RwTbKB5/duhGKeG00Eu7WVGOxFTwEiHYe+oULzmoaD9FllXzc=
X-Received: by 10.37.185.5 with SMTP id x5mr5754527ybj.393.1513291429708; Thu, 14 Dec 2017 14:43:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.160.146 with HTTP; Thu, 14 Dec 2017 14:43:29 -0800 (PST)
In-Reply-To: <4e14a1ec-8b6d-476b-3949-8a0b63017232@connect2id.com>
References: <CAGL6epLJHUn+4E1jksJW=Zpu=DE84uQgARhHyPH3H8yAAkijOg@mail.gmail.com> <4e14a1ec-8b6d-476b-3949-8a0b63017232@connect2id.com>
From: William Denniss <wdenniss@google.com>
Date: Thu, 14 Dec 2017 14:43:29 -0800
Message-ID: <CAAP42hBY74goaNvJBb0yQ9AG4aQAmyVGxJFxHrUYtDdefouEJA@mail.gmail.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Cc: oauth@ietf.org
Content-Type: multipart/alternative; boundary="089e08267e8c1cdcfa0560549e77"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/PkzWQEp2GSCr8pyWVxNEe4NSxj8>
Subject: Re: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2017 22:43:55 -0000

On Fri, Dec 8, 2017 at 11:42 AM, Vladimir Dzhuvinov <vladimir@connect2id.com
> wrote:

> Hi,
>
> I just got a question on Twitter about the slow_down error:
>
> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07#section-3.5
>
> The question was why slow_down is communicated via HTTP status code 400
> and not 429 (Too Many Requests).
>

We could, it seems to match the intent of that error code. Main reason it's
not like that so far is that 400 is the default for OAuth, I fear people
may not be checking for a 429. We don't strictly *need* the 429, since
we're returning data in machine readable format one way or another (i.e.
it's easy for the client to extract the "slow_down" response either way),
which differs from HTML over HTTP which is intended for end-user
consumption, making the specific status code more important.

What do others think about this? It's a simple change to make.


>
> Thanks,
>
> Vladimir
>
>
> On 27/11/17 15:55, Rifaat Shekh-Yusef wrote:
> > All,
> >
> > As discussed in Singapore, we are starting a WGLC for the
> > *draft-ietf-oauth-device-flow-07* document, starting today and ending on
> > December 11, 2018.
> > https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
> >
> > Please, review the document and provide feedback on the list.
> >
> > Regards,
> >  Rifaat & Hannes
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

v2.23.0 | Report a Bug | By Email