IETF Logo Mail Archive

Re: [OAUTH-WG] Change grant_type="none" to something less confusing

Luke Shepard <lshepard@facebook.com> Sat, 17 July 2010 15:52 UTC

Return-Path: <lshepard@facebook.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3CB63A6951 for <oauth@core3.amsl.com>; Sat, 17 Jul 2010 08:52:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.968
X-Spam-Level:
X-Spam-Status: No, score=-1.968 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIeL16UTSzUg for <oauth@core3.amsl.com>; Sat, 17 Jul 2010 08:52:47 -0700 (PDT)
Received: from mx-out.facebook.com (outmail024.snc1.tfbnw.net [69.63.178.183]) by core3.amsl.com (Postfix) with ESMTP id E1BA63A6868 for <oauth@ietf.org>; Sat, 17 Jul 2010 08:52:47 -0700 (PDT)
Received: from [10.18.255.139] ([10.18.255.139:48979] helo=mail.thefacebook.com) by mta021.snc1.facebook.com (envelope-from <lshepard@facebook.com>) (ecelerity 2.2.2.45 r(34067)) with ESMTP id 9F/28-17956-8D1D14C4; Sat, 17 Jul 2010 08:52:56 -0700
Received: from SC-MBX06.TheFacebook.com ([169.254.5.94]) by sc-hub03.TheFacebook.com ([fe80::1cfe:1f6b:8b35:cf7f%11]) with mapi; Sat, 17 Jul 2010 08:52:55 -0700
From: Luke Shepard <lshepard@facebook.com>
To: Brian Eaton <beaton@google.com>
Thread-Topic: [OAUTH-WG] Change grant_type="none" to something less confusing
Thread-Index: AcslLStlY2bWOda0k0GQasbZ66+p+QAQ5ccAACSCKIA=
Date: Sat, 17 Jul 2010 15:52:55 +0000
Message-ID: <AA83846D-1817-4B51-9F3E-CA9DD91862D6@facebook.com>
References: <1279297826.11628.61.camel@localhost.localdomain> <AANLkTinRE0My8GRTVrBM9cwyCWgrpeYQzul3YBp_Z-8A@mail.gmail.com> <AANLkTim_GpxKx2G6FQN9TGwMYxnRv4N7pOo7Yo3g2s6c@mail.gmail.com> <AANLkTinDwGDYq4IYA9BKJakdEMnR8FbruTqR4i_zS88p@mail.gmail.com> <AANLkTinbbIJ03UPFWibPJC569ckseU33Tnyf-1BYRGj2@mail.gmail.com> <AANLkTimfdpugQSgTMUPtLy-xOMIB-dJ4E8IMzB5EwU6R@mail.gmail.com> <AANLkTintmqhY1PY51h4DcXEI0r3FQmIB92pP3vykPQrw@mail.gmail.com> <3AF1FD6F-2178-42ED-833C-D93C534DDA8A@hueniverse.com> <AANLkTindn2UOcqWz410_UnyAORe58_XpXQKcy5sMt_pF@mail.gmail.com>
In-Reply-To: <AANLkTindn2UOcqWz410_UnyAORe58_XpXQKcy5sMt_pF@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-ID: <5d186609-3fc8-469b-b25c-1d7f5a34fdf7>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Change grant_type="none" to something less confusing
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jul 2010 15:52:48 -0000

Facebook does need to implement this - formerly the "client_cred" flow. We need apps to be able to interact directly with the service without a user involved.

As far as consistency, it is just a little weird to call it "client password" in one part of the spec, when it's defined as "client secret" elsewhere. We wouldn't call it the "client secret" flow because the client secret is used in other flows; I think the same argument applies to the term "client password".

How about just "client_only" ? Eran, I don't think I understand the other use cases you're talking about.

On Jul 16, 2010, at 3:27 PM, Brian Eaton wrote:

> I withdraw my question.  David might not be interested in implementing
> the client password flow, but he is certainly interested in
> implementing other flows that involve the client password term.  So
> he's entitled to an opinion on what color the client password bike
> shed should be painted. =)
> 
> (David, no offense, I'm just trying to stick by my guns on the whole
> "stop screwing up the spec by merging separate use cases into single
> flows" thing...)
> 
> On Fri, Jul 16, 2010 at 2:23 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>> And that matters how?
>> 
>> EHL
>> 
>> 
>> 
>> On Jul 16, 2010, at 16:57, "Brian Eaton" <beaton@google.com> wrote:
>> 
>>> On Fri, Jul 16, 2010 at 1:37 PM, David Recordon <recordond@gmail.com> wrote:
>>>> I've always found "client password" to be a confusing term.
>>> 
>>> Are you going to support this flow at all...?
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.34.0 | Report a Bug | By Email | System Status