Re: [OAUTH-WG] Getting a username from an access id in oauth2
Brian Hurt <bhurt42@gmail.com> Fri, 10 April 2015 13:04 UTC
Return-Path: <bhurt42@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D5181B33F2 for <oauth@ietfa.amsl.com>; Fri, 10 Apr 2015 06:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQzrpvXJ_DRv for <oauth@ietfa.amsl.com>; Fri, 10 Apr 2015 06:04:35 -0700 (PDT)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F94E1B3397 for <oauth@ietf.org>; Fri, 10 Apr 2015 06:04:35 -0700 (PDT)
Received: by wgin8 with SMTP id n8so17057578wgi.0 for <oauth@ietf.org>; Fri, 10 Apr 2015 06:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=WqoRKeqFcZ3OXjkUNULRET+az7EyDUaH3kNYngAXEuA=; b=jAgJ81Tno7XiWyPGqr4d5gahW/r8RznCq2saRDu4pPy7u1KH50suIs7rKHSCXHYWYK sIkXyASppgF7Sg0JU0JRVsa1+fCd+bO3v/B3M3B4OiAPICuS3MQ1Zye6RLtfL7B2A23e C94V4/rKdiVHETY9v91+7AhIhuQcdU7IvHCr+ycmiFpNDJph1MEyFJShuB1tYX74PQFy dTz3XNpGvsPkVK4cfvNgCs1Fw19Hwj2RO7eg00G5UjhTjZhdEUQ9zDFYIDD/LVhMjqe3 c+evCrQQsNgfSqyGAfR8ao+DQkz6g8JQfpd9KabiF3ZBOhedJFEryv8/buiatL+LbaeF nXFA==
MIME-Version: 1.0
X-Received: by 10.181.27.229 with SMTP id jj5mr4783418wid.87.1428671074190; Fri, 10 Apr 2015 06:04:34 -0700 (PDT)
Received: by 10.194.6.202 with HTTP; Fri, 10 Apr 2015 06:04:34 -0700 (PDT)
In-Reply-To: <552700CB.2030702@pingidentity.com>
References: <CACBEjCxukh5vr14gG4kPoLuF+=WLm90za4hTEeVGPFGKdZvyhA@mail.gmail.com> <799DB637-8C8C-4B9A-995C-C005B7491616@oracle.com> <5526C9AF.8040109@gmx.net> <552700CB.2030702@pingidentity.com>
Date: Fri, 10 Apr 2015 09:04:34 -0400
Message-ID: <CACBEjCzqVo_7xk5XzdKh=ivw-xyJ0T-Sudvtp6RRKUJz1VWtSA@mail.gmail.com>
From: Brian Hurt <bhurt42@gmail.com>
To: Hans Zandbelt <hzandbelt@pingidentity.com>
Content-Type: multipart/alternative; boundary="001a1137fc02e0cc9405135e6702"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/lZ5qFrGoFA4RzgtintoAuI4fB3o>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Getting a username from an access id in oauth2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 13:04:37 -0000
Yes. I'm being handed the access id, client id, etc. of an oauth session, but not the username. So I was wondering if I was missing something obvious, or that I really do need the user name passed in as well. And it's sounding like the latter. Thanks, everyone, for your help. Brian On Thu, Apr 9, 2015 at 6:44 PM, Hans Zandbelt <hzandbelt@pingidentity.com> wrote: > without further context the original question may be about retrieving the > username of the user on whose behalf the OAuth 2.0 client is acting, which > is a valid question with a valid (introspection) answer in a pure OAuth 2.0 > scenario > > Hans. > > > On 4/9/15 7:49 PM, Hannes Tschofenig wrote: > >> Brian, >> >> in addition to what Phil said let me provide you with two references: >> >> * Article about user authentication and OAuth: >> http://oauth.net/articles/authentication/ >> >> * OpenID Connect specification as a way to do what you seem to be >> looking for: >> http://openid.net/connect/ >> >> Ciao >> Hannes >> >> >> On 04/09/2015 08:45 PM, Phil Hunt wrote: >> >>> This has been a long standing issue. OAuth is an authorization protocol >>> and not an authentication protocol. >>> >>> You might want to look at OpenID Connect for an OAuth profile that >>> addresses your case. >>> >>> Phil >>> >>> On Apr 9, 2015, at 10:35, Brian Hurt <bhurt42@gmail.com> wrote: >>>> >>>> >>>> This is probably the wrong place to ask this question- if so, I >>>> apologize. But I'm trying to figure out how to get a username given only >>>> an access id (and client id, etc.) in oauth2. Is this possible, and if so, >>>> how? >>>> >>>> Thanks, >>>> Brian >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> > -- > Hans Zandbelt | Sr. Technical Architect > hzandbelt@pingidentity.com | Ping Identity >
- [OAUTH-WG] Getting a username from an access id i… Brian Hurt
- Re: [OAUTH-WG] Getting a username from an access … Hannes Tschofenig
- Re: [OAUTH-WG] Getting a username from an access … Josh Mandel
- Re: [OAUTH-WG] Getting a username from an access … Phil Hunt
- Re: [OAUTH-WG] Getting a username from an access … Hans Zandbelt
- Re: [OAUTH-WG] Getting a username from an access … Bill Mills
- Re: [OAUTH-WG] Getting a username from an access … Adam Lewis
- Re: [OAUTH-WG] Getting a username from an access … Brian Hurt