Re: [OAUTH-WG] Direct Grant missing in draft-parecki-oauth-v2-1

Rob Otto <robotto@pingidentity.com> Thu, 09 April 2020 07:56 UTC

From: Rob Otto <robotto@pingidentity.com>
Date: Thu, 09 Apr 2020 08:55:48 +0100
Message-ID: <CABh6VRGvkyWD1-ffRqJHVRp3wkaZ2bB3PRfb3wj-cE7N0OcQCA@mail.gmail.com>
To: Daniel Fett <fett@danielfett.de>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lUDlMcjG2vBk6LyaqxY-aOXdT8w>

I'd imagine you have to pre-register each client and then use HOTP or TOTP
to generate one-time passcodes.



On Thu, 9 Apr 2020 at 08:25, Daniel Fett <fett@danielfett.de> wrote:

> Hi Francis,
>
> On 08.04.20 at 23:59, Francis Pouatcha wrote:
>
> As a replacement of RFC 6749 I am missing a "Direct Grant" with the same
> simplicity as the "Resource Owner Password Credentials" grant of RFC 6749.
>
> The reason is that browser redirects are too complex and most of the time
> badly implemented by small teams. For the sake of having SMEs use OAuth 2.1
> with their limited development capacities, I suggest keeping the simple "Resource
> Owner Password Credentials" with an OTP replacing the permanent password.
>
> How does the Client get the OTP in that case?
>
> -Daniel


-- 
Rob Otto
EMEA Field CTO/Solutions Architect
robertotto@pingidentity.com
