[OAUTH-WG] Question on the definition of an authorization endpoint response_type extension

Todd W Lainhart <lainhart@us.ibm.com> Wed, 23 January 2013 20:07 UTC

Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF77821F84C2 for <oauth@ietfa.amsl.com>; Wed, 23 Jan 2013 12:07:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.195
X-Spam-Level:
X-Spam-Status: No, score=-10.195 tagged_above=-999 required=5 tests=[AWL=0.403, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7h1ZN7bHai1F for <oauth@ietfa.amsl.com>; Wed, 23 Jan 2013 12:07:51 -0800 (PST)
Received: from e8.ny.us.ibm.com (e8.ny.us.ibm.com [32.97.182.138]) by ietfa.amsl.com (Postfix) with ESMTP id 30DBD21F84BC for <oauth@ietf.org>; Wed, 23 Jan 2013 12:07:50 -0800 (PST)
Received: from /spool/local by e8.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Wed, 23 Jan 2013 15:07:49 -0500
Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e8.ny.us.ibm.com (192.168.1.108) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 23 Jan 2013 15:07:38 -0500
Received: from d01relay03.pok.ibm.com (d01relay03.pok.ibm.com [9.56.227.235]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 5E8516E8060 for <oauth@ietf.org>; Wed, 23 Jan 2013 15:07:36 -0500 (EST)
Received: from d01av05.pok.ibm.com (d01av05.pok.ibm.com [9.56.224.195]) by d01relay03.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r0NK7bM0247836 for <oauth@ietf.org>; Wed, 23 Jan 2013 15:07:37 -0500
Received: from d01av05.pok.ibm.com (loopback [127.0.0.1]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r0NK7b0S018349 for <oauth@ietf.org>; Wed, 23 Jan 2013 15:07:37 -0500
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r0NK7a7h018320 for <oauth@ietf.org>; Wed, 23 Jan 2013 15:07:36 -0500
To: "IETF oauth WG" <oauth@ietf.org>
MIME-Version: 1.0
X-KeepSent: EB0736FF:A067B6C7-85257AFC:006DAB2F; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP2 SHF22 July 19, 2012
Message-ID: <OFEB0736FF.A067B6C7-ON85257AFC.006DAB2F-85257AFC.006E8EE6@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Wed, 23 Jan 2013 15:07:35 -0500
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF4|December 14, 2012) at 01/23/2013 15:07:36, Serialize complete at 01/23/2013 15:07:36
Content-Type: multipart/alternative; boundary="=_alternative 006E8EE685257AFC_="
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13012320-9360-0000-0000-00000F9B87FB
Subject: [OAUTH-WG] Question on the definition of an authorization endpoint response_type extension
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jan 2013 20:07:51 -0000

I've defined a new response_type for the authorization endpoint for 
dealing with sessions - call it "urn:example:session_code".  Am I required 
to also include that value in the response as the code identifier, as in 
(unencoded):

 
https://client.example.com/cb?urn:example:session_code=SplxlOBeZQQYbYS6WxSbIA

               &state=xyz

I can see arguments either way (returning "code" or 
"urn:example:session_code" as a response parameter) but I'm not finding 
guidance in 6749.

Also, I'm unsure if questions like this are appropriate for this mailing 
list's charter, or are best directed to stackoverflow.

thanks -- Todd