[OAUTH-WG] RAR - Client Credentials and Authorization Details

Matthew De Haast <matt@coil.com> Thu, 14 May 2020 09:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Yh2K8Phf9cHlxbNuuClx9sz7Noc>

RFC6749 allows scopes to be presented at the token endpoint for cases like
client credentials grants.

It's not clear how this could be achieved with the current RAR spec though
when a Client using Client Credentials wants to request fine grained access
using authorization_details. Or should this even be possible?

Matt
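One way the situation in the question could look, as an added example that is not part of this message or of the RAR draft: a client credentials token request that carries scope (which RFC 6749 already permits at the token endpoint) alongside an authorization_details JSON form parameter, and the authorization-server side check such a request would need. Because a client credentials client has no resource owner to consent, the only thing bounding the requested authorization_details is the client's registration, so the server compares each requested detail against registered limits and rejects anything outside them. The authorization_details form parameter, the registry fields (allowed_types, allowed_actions, max_amount) and the detail fields (actions, amount) are assumptions for illustration; the error codes are the RFC 6749 ones.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed client registration (placeholder values, not from any real deployment).
# With client credentials there is no user consent step, so this registration is
# the only thing that bounds what the client may ask for.
CLIENT_REGISTRY = {
    "batch-payments-client": {
        "allowed_scopes": {"payments"},
        "allowed_types": {"payment_initiation"},
        "allowed_actions": {"initiate", "status"},
        "max_amount": 1000,
    },
}


def build_client_credentials_request(client_id, scope, authorization_details=None):
    """Form body of a client credentials token request (RFC 6749 section 4.4).

    'scope' is what RFC 6749 already permits at the token endpoint; carrying
    'authorization_details' as a JSON-encoded form field is the hypothetical
    design this example assumes, not text from the RAR draft.
    """
    form = {"grant_type": "client_credentials", "client_id": client_id, "scope": scope}
    if authorization_details is not None:
        form["authorization_details"] = json.dumps(authorization_details)
    return urlencode(form)


def _detail_within_registration(detail, client):
    """Check one authorization detail object against the client's registered limits.

    The 'type' key mirrors RAR's required field; 'actions' and 'amount' are
    constructed fields for this example.
    """
    if not isinstance(detail, dict) or not isinstance(detail.get("type"), str):
        return False
    if detail["type"] not in client["allowed_types"]:
        return False
    actions = detail.get("actions", [])
    if not isinstance(actions, list) or not set(actions) <= client["allowed_actions"]:
        return False
    amount = detail.get("amount", 0)
    if isinstance(amount, bool) or not isinstance(amount, (int, float)):
        return False
    return amount <= client["max_amount"]


def evaluate_token_request(form_body):
    """Authorization-server policy check for the request built above.

    Client authentication is assumed to have already succeeded (e.g. via the
    HTTP Basic header); this function only decides whether the requested scope
    and authorization_details stay within the client's registration.
    """
    try:
        params = {k: v[0] for k, v in parse_qs(form_body, strict_parsing=True).items()}
    except ValueError:
        return {"error": "invalid_request"}
    if params.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    client = CLIENT_REGISTRY.get(params.get("client_id", ""))
    if client is None:
        return {"error": "invalid_client"}
    requested_scopes = set(params.get("scope", "").split())
    if not requested_scopes <= client["allowed_scopes"]:
        return {"error": "invalid_scope"}
    details = []
    if "authorization_details" in params:
        try:
            details = json.loads(params["authorization_details"])
        except json.JSONDecodeError:
            return {"error": "invalid_request"}
        # Reject the whole request if any element exceeds the registration rather
        # than silently narrowing it, so the client cannot mistake what it was granted.
        if not isinstance(details, list) or not all(
            _detail_within_registration(d, client) for d in details
        ):
            return {"error": "invalid_request"}
    return {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "Bearer",
        "scope": " ".join(sorted(requested_scopes)),
        # Echo the granted details so client and resource server see the same bound.
        "authorization_details": details,
    }
```

A scope-only request goes through the plain RFC 6749 path and receives an empty authorization_details list; a request whose details exceed the registered maximum is refused outright rather than trimmed, which keeps the granted authorization unambiguous for both the client and the resource server.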