[OAUTH-WG] Clarification in Section 2.0 of draft-ietf-oauth-revocation-00

doug foiles <doug.foiles@gmail.com> Mon, 11 June 2012 19:31 UTC

Date: Mon, 11 Jun 2012 12:31:31 -0700
Message-ID: <CAA=QE7P_Mmak9_OvqQ4V33e-UHP-n_8oPNiHiYsx=P4syeDz-Q@mail.gmail.com>
From: doug foiles <doug.foiles@gmail.com>
To: oauth@ietf.org
Subject: [OAUTH-WG] Clarification in Section 2.0 of draft-ietf-oauth-revocation-00

Hi all,

I was hoping to get some clarity on a statement in section 2.0 of
draft-ietf-oauth-revocation-00.

If the processed token is a refresh token and the authorization
server supports the revocation of access tokens, then the
authorization server SHOULD also invalidate all access tokens issued
for that refresh token.

My question is on the statement "access tokens issued for that refresh
token". What does it mean to have an Access Token "issued" for a Refresh
Token?

This specific case is clear to me. I am refreshing an Access Token where I
keep the same Refresh Token that I used to generate the new Access Token. I
see the new Access Token was issued for that Refresh Token.

However, these two cases are a bit muddy to me. Let's say I am using the
"Resource Owner Password Credentials Grant" where the Access Token Response
returns both an Access Token and Refresh Token. Would the Access Token have
been issued for that Refresh Token? And let's say I am refreshing an Access
Token but choose to create a new Refresh Token and immediately revoke the
original Refresh Token. Would the newly created Access Token have been
issued for the original Refresh Token or the new one that was created?

If a client would revoke a Refresh Token, I would like the Access Tokens
in all of the above cases to be automatically revoked as well. I just want
to make sure I understand the model. Thanks.
Doug Foiles
Intuit
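The three cases in the message above (initial issuance of both tokens, refresh keeping the same refresh token, and refresh with rotation of the refresh token) all come out the same way if the authorization server keys revocation on the authorization grant rather than on the individual refresh token string, which is how the final RFC 7009 text later phrased the rule ("all access tokens based on the same authorization grant"). The following is an added example of such a token store; it is not code from the draft, from the list, or from Intuit. Token formats, the hypothetical grant identifier, and the policy of killing the whole grant when a rotated-out refresh token is presented again are all assumptions made for the example.

```python
"""Toy authorization-server token store with grant-scoped revocation.

Constructed example: every access token and refresh token is bound to the
authorization grant it came from, so revoking any refresh token of a grant
invalidates every access token issued under that grant, regardless of
which refresh token (original or rotated) minted each access token.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def _digest(token: str) -> str:
    # Keep only a hash of the bearer string so a leaked store does not
    # leak usable credentials.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class TokenRecord:
    kind: str        # "access" or "refresh"
    grant_id: str    # hypothetical grant identifier the token belongs to
    active: bool = True


@dataclass
class TokenStore:
    tokens: dict = field(default_factory=dict)   # token hash -> TokenRecord

    def _mint(self, kind: str, grant_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = TokenRecord(kind, grant_id)
        return token

    def issue_grant(self):
        """Initial issuance (e.g. resource owner password credentials grant):
        one access token and one refresh token, both bound to a new grant."""
        grant_id = secrets.token_hex(8)
        return self._mint("access", grant_id), self._mint("refresh", grant_id)

    def refresh(self, refresh_token: str, rotate: bool = False):
        """Refresh endpoint. With rotate=True the presented refresh token is
        retired and a new one is returned; either way the new access token
        is bound to the original grant, not to a particular refresh token."""
        rec = self.tokens.get(_digest(refresh_token))
        if rec is None or rec.kind != "refresh":
            raise ValueError("invalid_grant")
        if not rec.active:
            # A retired or revoked refresh token being replayed is a reuse
            # signal; assumed policy: treat the grant as compromised.
            self._revoke_grant(rec.grant_id, include_refresh=True)
            raise ValueError("invalid_grant")
        access = self._mint("access", rec.grant_id)
        if rotate:
            rec.active = False
            return access, self._mint("refresh", rec.grant_id)
        return access, refresh_token

    def revoke(self, token: str) -> None:
        """Revocation endpoint. Unknown tokens are accepted silently, as the
        draft's revocation endpoint does; revoking a refresh token cascades
        to every access token of the same grant. Revoking an access token
        on its own leaves the refresh token alive (a design choice)."""
        rec = self.tokens.get(_digest(token))
        if rec is None:
            return
        rec.active = False
        if rec.kind == "refresh":
            self._revoke_grant(rec.grant_id, include_refresh=False)

    def _revoke_grant(self, grant_id: str, include_refresh: bool) -> None:
        for r in self.tokens.values():
            if r.grant_id == grant_id and (include_refresh or r.kind == "access"):
                r.active = False

    def is_active(self, token: str) -> bool:
        rec = self.tokens.get(_digest(token))
        return rec is not None and rec.active


def walk_through() -> dict:
    """Run the three cases from the message and report what survives."""
    store = TokenStore()
    at0, rt0 = store.issue_grant()              # case 1: both issued together
    at1, rt_same = store.refresh(rt0)           # case 2: same refresh token kept
    at2, rt1 = store.refresh(rt0, rotate=True)  # case 3: rt0 retired, rt1 issued
    store.revoke(rt1)                           # client revokes the live refresh token
    return {
        "same_rt_after_plain_refresh": rt_same == rt0,
        "old_rt_retired_by_rotation": not store.is_active(rt0),
        "access_tokens_active_after_revoke": [store.is_active(t) for t in (at0, at1, at2)],
    }


if __name__ == "__main__":
    print(walk_through())
```

Because the cascade is keyed on the grant, the question of which refresh token an access token was "issued for" never has to be answered: at0 (issued alongside rt0), at1 (refreshed under rt0) and at2 (refreshed under the rotated rt1) are all revoked by revoking rt1, and presenting the retired rt0 afterwards is rejected rather than treated as a second live credential.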