[OAUTH-WG] Question related to authorization code in OAuth 2.0
Bilal Ashraf <bilal.ashraf@gmail.com> Sat, 01 September 2012 21:39 UTC
Return-Path: <bilal.ashraf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 539F211E8146 for <oauth@ietfa.amsl.com>; Sat, 1 Sep 2012 14:39:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kfZOGYVKs2k for <oauth@ietfa.amsl.com>; Sat, 1 Sep 2012 14:39:15 -0700 (PDT)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id C3CB711E8145 for <OAuth@ietf.org>; Sat, 1 Sep 2012 14:39:12 -0700 (PDT)
Received: by iabz21 with SMTP id z21so7347726iab.31 for <OAuth@ietf.org>; Sat, 01 Sep 2012 14:39:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=+RKNkz8a41x03lX1y4RGJ2sd+COe5ALsSsXi157p2Bw=; b=J4Ns3OxF+FSPrWliQU3Eo2fRkBl2FR2pkHYNTxNB6stUn9xo8jTVKDjsrTswxNyrmn 2DdgLRMmWiK1s5+7sVuLiK9Zeekulidh9ZtaYWhNnZIFIaCsV43uZXGOf/fFCRaryYDA 8xuWLu1umVxw2LWIJsvJx418OQknMze8SjSezgW7qmKWfQgnAtq2T7jKyAX+CYtytftz xkHvn+ofvqRm/fOPEMmGB5dKjZAChAeamVYo8wrFVz9913etJ9qhxbZDA3gnBrjR6lLk 0SOcNnLZde8achZAJAlKD3QkOk10R1Hd26EdI7WONrVKq0IGb5NCjz3MNhx5BiD6PZ0e QIeQ==
MIME-Version: 1.0
Received: by 10.50.236.65 with SMTP id us1mr6726227igc.17.1346535552229; Sat, 01 Sep 2012 14:39:12 -0700 (PDT)
Received: by 10.50.193.164 with HTTP; Sat, 1 Sep 2012 14:39:12 -0700 (PDT)
Date: Sun, 02 Sep 2012 02:39:12 +0500
Message-ID: <CAD_036mbk9TfySTqrstwMaaOHu_3T2C0KFpPyEi3drW4avr=tg@mail.gmail.com>
From: Bilal Ashraf <bilal.ashraf@gmail.com>
To: OAuth@ietf.org
Content-Type: multipart/alternative; boundary="14dae934090344a28c04c8aabd1b"
Subject: [OAUTH-WG] Question related to authorization code in OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Sep 2012 21:39:16 -0000
Hi, In Authorization code flow, after resource owner authentication and approval, the application is provided with an authorization code in response by authorization server. The authorization code is basically the resource owner authorization to the application for resource owner data access. That means authorization code is bound to the application. Is it possible that for two resource owner authentication, same authorization code is returned in response? e.g. Resource owner 1 : Authenticate successfully -> Approval -> authorization code = 123 issued Resource owner 2 : Authenticate successfully -> Approval -> authorization code = 123 issued Regards, Bilal Ashraf
- [OAUTH-WG] Question related to authorization code… Bilal Ashraf
- Re: [OAUTH-WG] Question related to authorization … John Bradley