[OAUTH-WG] Fwd: [Openid-specs-mobile-profile] Issue #145: 7.3 expires_in and interval should be required to be integers (openid/mobile)
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 December 2018 17:30 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AED9B130E73 for <oauth@ietfa.amsl.com>; Fri, 28 Dec 2018 09:30:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TgVSTK5bsgmz for <oauth@ietfa.amsl.com>; Fri, 28 Dec 2018 09:30:33 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 919E4130E46 for <oauth@ietf.org>; Fri, 28 Dec 2018 09:30:33 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id x6so17194764ioa.9 for <oauth@ietf.org>; Fri, 28 Dec 2018 09:30:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=qp1DBAN9/5L1d1gOLuAkFVOZMJGnov8FW8RFHfUsVIY=; b=OE+LXWdQxt7jPuHk5wHjvIhbaopoRBlH3p5/4bjh63ymnfB3o8NdJxUXcSVXvcB7L7 fs3sjjm6yCu4SIhknmdvknNDvhziypNjJgTKDVyPDdDIx+8PMRmFXlv9xSDCnhtcBl/x KmO82YTCRz6k0xBrexhVgY+D15gHBV+j9TwAQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=qp1DBAN9/5L1d1gOLuAkFVOZMJGnov8FW8RFHfUsVIY=; b=AC7nRuyYjMZijW1jO7yPFqy+HfN+NgOsO5wKFXn979uk56NfMJdbEcYIqYuhg9lJgP TDWOc4Wja7seZcQGV+yVIVaUdAlxHSurQukfUb1C4kva5cfMW18tizxPpXArDGyNrCJn JvgQXEngMC69kU6NezL8rZd2hLvJ5D4W+CdrQPTZ4P0mTg1Upb23nuKVigTKcNOPls+s 4XzmhCiXJwFZ2Enx/R0zkyMKY4h5Q4yNElB4huqX5sNTLIaqRFb7zUZS8basODEIRZ8l QpNATMY71mf8LC1jXvgsy/EFZ7y4p0txO7QfCeowW0xs9Ooe5jONslJxSk/cYeH1Olp3 /XKQ==
X-Gm-Message-State: AJcUukdn8n0jHngrOJ1I22eXA/VZTyRz4ExrjcPmVGrMrXezHiv3h7F+ IK9wDU6C2ME2BirKHHMkkOh6HUEyVguCPJ6ninLulARN9+K0KKtIXWKYn7JdeAkAQ2OcY7zbSsW QSNvc0cyGH37AzeaVD1Q=
X-Google-Smtp-Source: ALg8bN7G3IMeOPcS2laK7oWyQfVfSK78/dOo88vbKh/GmABxP/trvYj0nMp0Ke/Yu+M9FwJgHUBB0bdECHg5n+OpjSA=
X-Received: by 2002:a5d:8597:: with SMTP id f23mr20769295ioj.238.1546018232351; Fri, 28 Dec 2018 09:30:32 -0800 (PST)
MIME-Version: 1.0
References: <20181227061955.16163.89598@celery-worker-111.ash1.bb-inf.net>
In-Reply-To: <20181227061955.16163.89598@celery-worker-111.ash1.bb-inf.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Dec 2018 10:30:06 -0700
Message-ID: <CA+k3eCQ34z0_gN+M=VpmFxnAaCjqq=kBk+uyTovPQCF6L7LMTA@mail.gmail.com>
To: oauth <oauth@ietf.org>, William Denniss <wdenniss@google.com>
Content-Type: multipart/alternative; boundary="0000000000008e5a91057e186bbf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_zIHQ-LMj9kf-NTOds_gPaDerV4>
Subject: [OAUTH-WG] Fwd: [Openid-specs-mobile-profile] Issue #145: 7.3 expires_in and interval should be required to be integers (openid/mobile)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Dec 2018 17:30:36 -0000
The below issue was raised in an OIDF WG about the so called CIBA draft, which has a number of significant similarities to the Device Flow, including the expires_in and interval response parameters noted in the issue. So *maybe* something to consider for the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices. ---------- Forwarded message --------- From: Joseph Heenan <issues-reply@bitbucket.org> Date: Wed, Dec 26, 2018 at 11:20 PM Subject: [Openid-specs-mobile-profile] Issue #145: 7.3 expires_in and interval should be required to be integers (openid/mobile) To: <openid-specs-mobile-profile@lists.openid.net> New issue 145: 7.3 expires_in and interval should be required to be integers https://bitbucket.org/openid/mobile/issues/145/73-expires_in-and-interval-should-be Joseph Heenan: expires_in and interval in the authentication response are (I believe) intended to integers, but it's not actually stated anywhere I could find. We should probably be explicit that it's a positive integer, or alternatively we could use a more RFC6749 type definition: > A.14. "expires_in" Syntax > > The "expires_in" element is defined in Sections 4.2.2 and 5.1: > > expires-in = 1*DIGIT _______________________________________________ Openid-specs-mobile-profile mailing list Openid-specs-mobile-profile@lists.openid.net http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [OAUTH-WG] Fwd: [Openid-specs-mobile-profile] Iss… Brian Campbell