Re: [OAUTH-WG] RFC 7662 OAuth 2.0 Token Introspection: token_type

Justin Richer <jricher@mit.edu> Tue, 24 November 2015 15:34 UTC

From: Justin Richer <jricher@mit.edu>
In-Reply-To: <5654722E.3030708@connect2id.com>
Date: Tue, 24 Nov 2015 10:33:56 -0500
Message-Id: <FDF68C8B-D51E-4E77-9A72-249FBA1EC947@mit.edu>
References: <564B045C.50301@connect2id.com> <564B0C9A.5030809@gmx.net> <5654722E.3030708@connect2id.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/T55q5O-vZRsS1afYx14lf2apC3o>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>

It should be left off of the response. We probably should’ve had more examples for that. In general though it’s going to be the protected resource introspecting tokens, and they usually don’t have refresh tokens. We allow other kinds of tokens (ID Tokens, Refresh Tokens, etc) but the canonical use case is the protected resource getting information about an access token.

 — Justin

> On Nov 24, 2015, at 9:20 AM, Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:
> 
> Thank you Hannes,
> 
> If the inspected token is a refresh token (which is permitted by the spec), what should the token_type response say?
> 
> Vladimir
> 
> On 17.11.2015 13:16, Hannes Tschofenig wrote:
> > Hi Vladimir,
> >
> > it is 'Bearer'.
> >
> > Section 5.1 in RFC 6749 defines the token_type concept and RFC 6750
> > registers the 'Bearer' token value (since it defines the bearer token
> > concept).
> >
> > We currently have work going on with the PoP token work to also extend
> > the concept further.
> >
> > Ciao
> > Hannes
> >
> >
> > On 11/17/2015 11:41 AM, Vladimir Dzhuvinov wrote:
> >> The "token_type" parameter in introspection responses - is that supposed
> >> to be "access_token" / "refresh_token", or the type of the access token,
> >> e.g. "Bearer"?
> >>
> >> https://tools.ietf.org/html/rfc7662#section-2.2
> >>
> >> Section 5.1 in RFC 6749 that is referred to points to section 7.1 which
> >> seems to imply the latter?
> >>
> >> http://tools.ietf.org/html/rfc6749#section-7.1
> >>
> >> Thanks,
> >>
> >> Vladimir
> >>
> >>
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth
> >>
> >
> 
> --
> Vladimir Dzhuvinov :: vladimir@connect2id.com
> 
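Added example, not part of the thread and not code from any RFC or from the participants: a minimal Python sketch of both sides of an RFC 7662 exchange following the reading above. The authorization server's introspect() emits token_type "Bearer" (the RFC 6749 section 5.1 / RFC 6750 scheme name, compared case-insensitively per RFC 6749 section 7.1) for bearer access tokens and leaves token_type off for refresh tokens; the protected resource's accept_at_resource() then only honours a response that is active, says "Bearer", is unexpired, and carries the expected audience and scope, so a refresh token introspected under this convention is refused. The values "access_token" / "refresh_token" that the question mentions live in the request's token_type_hint parameter (RFC 7662 section 2.1, borrowed from RFC 7009), not in the response. The in-memory TOKENS store, the sample tokens, the fixed clock, and the resource's policy of requiring token_type are all constructed for this example.

```python
import time
from typing import Optional

# Fixed reference clock so the constructed sample tokens have stable expiries.
BASE_TIME = 1_700_000_000

# Constructed in-memory token store for the example. "kind" is the server's
# own bookkeeping and is never copied into the introspection response.
TOKENS = {
    "at-live":    {"kind": "access",  "client_id": "app1", "sub": "alice",
                   "scope": "read write", "aud": "https://rs.example",
                   "iat": BASE_TIME, "exp": BASE_TIME + 3600},
    "at-expired": {"kind": "access",  "client_id": "app1", "sub": "alice",
                   "scope": "read", "aud": "https://rs.example",
                   "iat": BASE_TIME - 7200, "exp": BASE_TIME - 3600},
    "rt-live":    {"kind": "refresh", "client_id": "app1", "sub": "alice",
                   "scope": "read write",
                   "iat": BASE_TIME, "exp": BASE_TIME + 86400},
}


def introspect(token: str, token_type_hint: Optional[str] = None,
               now: Optional[float] = None) -> dict:
    """Authorization-server side: build the RFC 7662 section 2.2 response.

    token_type_hint ("access_token" / "refresh_token") is only a lookup hint;
    a single dict lookup does not need it, and a wrong hint must never change
    the answer, so it is accepted and ignored here.
    """
    now = time.time() if now is None else now
    rec = TOKENS.get(token)
    if rec is None or now >= rec["exp"]:
        # Unknown, revoked or expired: "active": false and nothing else, so a
        # caller cannot use the endpoint to learn anything about the token.
        return {"active": False}
    resp = {"active": True, "client_id": rec["client_id"], "sub": rec["sub"],
            "scope": rec["scope"], "iat": rec["iat"], "exp": rec["exp"]}
    if rec["kind"] == "access":
        # token_type is the RFC 6749 section 5.1 / RFC 6750 value, i.e. the
        # scheme the resource should expect in the Authorization header.
        resp["token_type"] = "Bearer"
        resp["aud"] = rec["aud"]
    # For a refresh token the field is simply left off, as suggested above.
    return resp


def accept_at_resource(resp: dict, expected_aud: str, required_scope: str,
                       now: Optional[float] = None) -> tuple[bool, str]:
    """Protected-resource side: decide whether to honour a presented token.

    Requiring token_type is this example's policy (RFC 7662 makes every field
    except "active" optional); with it, a response that omits the field, such
    as a refresh token introspected under the convention above, is refused.
    """
    now = time.time() if now is None else now
    if resp.get("active") is not True:
        return False, "inactive"
    # RFC 6749 section 7.1: the token_type value is case-insensitive.
    if str(resp.get("token_type", "")).lower() != "bearer":
        return False, "not a bearer access token"
    exp = resp.get("exp")
    if exp is not None and now >= exp:
        return False, "expired"
    aud = resp.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if expected_aud not in aud:
        return False, "audience mismatch"
    if required_scope not in set(resp.get("scope", "").split()):
        return False, "insufficient scope"
    return True, "ok"


if __name__ == "__main__":
    t = BASE_TIME + 10
    for tok in ("at-live", "rt-live", "at-expired", "bogus"):
        r = introspect(tok, now=t)
        print(tok, r, accept_at_resource(r, "https://rs.example", "read", now=t))
```

A real resource would additionally authenticate to the introspection endpoint and cache "active": false results briefly; those parts are omitted so the token_type handling stays visible.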