Re: [OAUTH-WG] missing IANA registration for ? Fwd: I-D Action: draft-ietf-oauth-device-flow-12.txt

William Denniss <wdenniss@google.com> Mon, 01 October 2018 22:57 UTC

From: William Denniss <wdenniss@google.com>
Date: Mon, 01 Oct 2018 15:56:53 -0700
Message-ID: <CAAP42hB7neewH2dQFs_Dbk92ov=gp5tb-hGWK3MR00ot82pTtA@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Cc: oauth <oauth@ietf.org>, draft-ietf-oauth-device-flow@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ai4rd2K5OZ5jsxI45WhvzF5ST3c>

Hi Brian,

Thank you for catching this; I believe you are correct.

Specifically, the "device_code" param when used on the token endpoint
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-3.4
should be registered.  I will make this change.

Note that "device_code" (and other params) are also returned in the "Device
Authorization Response"; however, there is no "Parameter usage location"
category in the "OAuth Parameters Registry" for that endpoint.

William

On Mon, Oct 1, 2018 at 3:23 PM, Brian Campbell <bcampbell@pingidentity.com>
wrote:

> I realize this is very late in this draft's life cycle but I just noticed
> it while working on something different but coincidentally similar.
>
> The device flow defines a device_code parameter to be used in the access
> token request to the token endpoint[1] but doesn't register it as a token
> request parameter in the IANA Considerations[2] as would be
> expected/suggested by RFC6749's OAuth Parameters Registry[3].
>
> Should the device flow register the device_code parameter? Seems like it
> probably should.
>
> [1] https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-3.4
> [2] https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-7
> [3] https://tools.ietf.org/html/rfc6749#section-11.2
>
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Wed, Aug 1, 2018 at 5:53 PM
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-device-flow-12.txt
> To: <i-d-announce@ietf.org>
> Cc: <oauth@ietf.org>
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : OAuth 2.0 Device Flow for Browserless and Input
> Constrained Devices
>         Authors         : William Denniss
>                           John Bradley
>                           Michael B. Jones
>                           Hannes Tschofenig
>         Filename        : draft-ietf-oauth-device-flow-12.txt
>         Pages           : 20
>         Date            : 2018-08-01
>
> Abstract:
>    This OAuth 2.0 authorization flow for browserless and input-
>    constrained devices, often referred to as the device flow, enables
>    OAuth clients to request user authorization from devices that have an
>    Internet connection, but don't have an easy input method (such as a
>    smart TV, media console, picture frame, or printer), or lack a
>    suitable browser for a more traditional OAuth flow.  This
>    authorization flow instructs the user to perform the authorization
>    request on a secondary device, such as a smartphone.  There is no
>    requirement for communication between the constrained device and the
>    user's secondary device.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-device-flow-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-device-flow-12
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/