[OAUTH-WG] Device flow feedback

Chris Needham <chris.needham@bbc.co.uk> Wed, 05 July 2017 10:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/kQcnTF5U7H8tOiNUJfbO5UXkbYA>

Hi,

I'm one of the contributors to the ETSI Cross Platform Authentication spec [1], which was based on an early draft of the OAuth 2.0 Device Flow.

One of the things we found useful, and not included in the current OAuth 2.0 Device Flow [2, section 3.5], is a return code for the case where the authorization server decides to cancel the pairing process. This may be due to a user interaction, such as declining the presented terms and conditions, for example. Such a return code allows the client to stop polling and to display an appropriate message to the user. (I didn't find a suitable error code in RFC6749.) 

In the ETSI spec we used the error code 'cancelled' for this purpose:

cancelled

  The authorization server has cancelled the pairing process. This can occur,
  for example, if the user declined to authorize the client, e.g., by not
  accepting terms and conditions presented to them by the authorization server.

Best regards,

Chris

[1] http://www.etsi.org/deliver/etsi_ts/103400_103499/103407/01.01.01_60/ts_103407v010101p.pdf
[2] https://tools.ietf.org/id/draft-ietf-oauth-device-flow-06.txt

--
Chris Needham
Principal Software Engineer
BBC Research & Development
Centre House, 56 Wood Lane, London W12 7SB
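
A client polling loop that treats the 'cancelled' code described in the message above as terminal, added here as an example; it is not part of the original message or of either specification. The `authorization_pending` and `slow_down` codes, the 5-second interval and its 5-second increase are assumptions about the device flow, and `poll_token_endpoint` and the sample replies are hypothetical and constructed.

```python
import json
import time

# Constructed sample: token endpoint replies (HTTP status, JSON body) seen by
# a polling client while the user declines the terms and conditions.
CONSTRUCTED_EXCHANGE = [
    (400, '{"error": "authorization_pending"}'),
    (400, '{"error": "slow_down"}'),
    (400, '{"error": "cancelled"}'),
    (200, '{"access_token": "constructed-token-never-requested"}'),
]

KEEP_POLLING = {"authorization_pending", "slow_down"}  # assumed codes


def poll_token_endpoint(responses, interval=5, sleep=time.sleep):
    """Run the client polling loop over an iterable of (status, body) replies.

    `responses` stands in for real HTTP requests to the token endpoint.
    Returns the outcome, a detail string, polls made and seconds waited.
    """
    polls = waited = 0

    def result(outcome, detail):
        return {"outcome": outcome, "detail": detail,
                "polls": polls, "waited": waited}

    for status, body in responses:
        polls += 1
        try:
            msg = json.loads(body)
        except ValueError:
            msg = None
        if not isinstance(msg, dict):
            return result("failed", "malformed response")
        if status == 200 and "access_token" in msg:
            return result("authorized", msg["access_token"])
        error = msg.get("error")
        if error == "cancelled":
            # Server ended the pairing: stop polling and tell the user.
            return result("cancelled", "Pairing was cancelled.")
        if error not in KEEP_POLLING:
            # Unknown or missing codes are terminal, so the loop cannot spin.
            return result("failed", str(error))
        if error == "slow_down":
            interval += 5  # assumed back-off step
        sleep(interval)
        waited += interval
    return result("failed", "no final response")
```
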