Re: [OAUTH-WG] Is it allow to add custom attribute to access token response?

Bill Mills <wmills_92105@yahoo.com> Fri, 21 August 2015 16:41 UTC

Date: Fri, 21 Aug 2015 16:41:21 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: John Bradley <ve7jtb@ve7jtb.com>, William Denniss <wdenniss@google.com>
Message-ID: <40935351.8157372.1440175281185.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <3AAE1F6E-1440-4086-8D31-911AFBC4310A@ve7jtb.com>
References: <3AAE1F6E-1440-4086-8D31-911AFBC4310A@ve7jtb.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/gqCjDzt5kqFEbS1NUMitHUG82Eg>
Cc: Donghwan Kim <flowersinthesand@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Is it allow to add custom attribute to access token response?

And as John said, if you are doing user authentication, use OpenID instead.


On Friday, August 21, 2015 9:38 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

Yes, going the unregistered route it is probably best to use a name in your namespace, e.g. "com.example:username".


On Aug 21, 2015, at 1:34 PM, William Denniss <wdenniss@google.com> wrote:
You can add additional parameters.
"The client MUST ignore unrecognized value names in the response" is there so that other clients who don't understand your parameters will ignore them. That line basically enables the behavior you wanted (if it said the client must *error* on unrecognized values, that would be a problem).

It would be best if you tried to name your params to be hardened against collision with any future extensions to OAuth/OpenID Connect (e.g., adding a vendor prefix).
On Thu, Aug 20, 2015 at 7:15 AM, Donghwan Kim <flowersinthesand@gmail.com> wrote:

Hi,

I would like to add a custom property representing the account who just authenticated to the access token response, for the sake of convenience, like a login request's response. Then, an exchange of request and response will look like this:

POST /tokens HTTP/1.1
Host: api.example.com
Content-Type: application/json

{"grant_type":"password","username":"${username}","password":"${password}"}


HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"${JSON web token}",
  "token_type":"Bearer",
  "account": {"username":"donghwan", ...}
}

However http://tools.ietf.org/html/rfc6749#section-5.1 says that
> The client MUST ignore unrecognized value names in the response.
Does it mean that I shouldn't add such a property, 'account'? Though I saw the Instagram API adds such a custom property to the access token response for the same purpose, from https://instagram.com/developer/authentication/ (please find 'snoopdogg' to see that token response). If it's not allowed or desirable, how should I add such information to the access token response?
BTW, I have some questions on usage of JSON web token with OAuth. Can I post them here? If not, where should I do that?
Thanks,

-- Donghwan
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

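An added example, not code from the thread or any project, showing the two sides of what the replies above describe: a server that puts the extra account data under a vendor-prefixed member name instead of a bare "account", and a client that checks the members RFC 6749 section 5.1 requires and ignores names it does not recognise. The prefix "com.example:" and the token value are assumed/constructed for illustration.

```python
import json

# Members defined by RFC 6749 section 5.1 for a successful token response.
REQUIRED = ("access_token", "token_type")
KNOWN = {"access_token", "token_type", "expires_in", "refresh_token", "scope"}
# Assumed vendor namespace, following John Bradley's suggestion in the thread.
VENDOR_PREFIX = "com.example:"


def build_token_response(access_token, username):
    """Server side: standard members plus one vendor-prefixed extension.

    Using 'com.example:account' rather than 'account' keeps the name out of
    the way of any future registered OAuth/OpenID Connect parameter."""
    body = {
        "access_token": access_token,
        "token_type": "Bearer",
        "expires_in": 3600,
        VENDOR_PREFIX + "account": {"username": username},
    }
    return json.dumps(body)


def parse_token_response(raw, vendor_prefix=VENDOR_PREFIX):
    """Client side: validate required members, collect extensions under the
    namespace this client understands, and ignore everything else.

    Returns (standard_members, extensions, ignored_names)."""
    data = json.loads(raw)
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise ValueError(f"token response missing required member(s): {missing}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unsupported token_type: {data['token_type']}")
    standard = {k: data[k] for k in KNOWN if k in data}
    extensions = {k[len(vendor_prefix):]: v
                  for k, v in data.items() if k.startswith(vendor_prefix)}
    # Unrecognised names are ignored, as section 5.1 requires; they are
    # returned only so a caller can log them for debugging.
    ignored = sorted(k for k in data
                     if k not in KNOWN and not k.startswith(vendor_prefix))
    return standard, extensions, ignored


if __name__ == "__main__":
    raw = build_token_response("constructed-opaque-token", "donghwan")
    print(parse_token_response(raw))
    # A client that knows a different namespace still parses the same response.
    print(parse_token_response(raw, vendor_prefix="org.other:"))
```

The second call shows the point of the "MUST ignore" rule: a client that has never heard of the com.example namespace still gets a valid token and simply reports the extra member as ignored.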