[OAUTH-WG] 答复: Re: A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework

zhou.sujing@zte.com.cn Wed, 09 January 2013 06:57 UTC

Return-Path: <zhou.sujing@zte.com.cn>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85B8421F8750; Tue, 8 Jan 2013 22:57:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -93.55
X-Spam-Level:
X-Spam-Status: No, score=-93.55 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usZfqf0-sp+Z; Tue, 8 Jan 2013 22:57:54 -0800 (PST)
Received: from zte.com.cn (mx5.zte.com.cn [63.217.80.70]) by ietfa.amsl.com (Postfix) with ESMTP id 6057B21F84DE; Tue, 8 Jan 2013 22:57:54 -0800 (PST)
Received: from mse01.zte.com.cn (unknown [10.30.3.20]) by Websense Email Security Gateway with ESMTPS id C96B3126A5CC; Wed, 9 Jan 2013 15:00:09 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id r096vVnK053772; Wed, 9 Jan 2013 14:57:31 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn)
In-Reply-To: <CAJV9qO_A-_5CbfREFBxXr1efaAG5hVdbOR03BNgWY=iBM11fFg@mail.gmail.com>
To: Prabath Siriwardena <prabath@wso2.com>
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OFA8C733ED.9AAF57BF-ON48257AEE.002628A4-48257AEE.00263D78@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Wed, 09 Jan 2013 14:57:18 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.3FP1 HF212|May 23, 2012) at 2013-01-09 14:57:28, Serialize complete at 2013-01-09 14:57:28
Content-Type: multipart/alternative; boundary="=_alternative 00263D7848257AEE_="
X-MAIL: mse01.zte.com.cn r096vVnK053772
Cc: Peng Zhou <zpbrent@gmail.com>, oauth@ietf.org, oauth-bounces@ietf.org
Subject: [OAUTH-WG] 答复: Re: A question of 1.3.1. Authorization Code in rfc6749 The OAuth 2.0 Authorization Framework
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2013 06:57:55 -0000

Well, AS could send the request along with the auth code.

oauth-bounces@ietf.org 写于 2013-01-09 14:47:19:

> 

> On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <zpbrent@gmail.com> wrote:
> Dear Prabath:
> 
> Thank you very much for your responses :-)
> 
> However, I am still not quite sure why the authorization code must be
> sent to the client through the RO's user-agent?
> 
> One reason I see is, bringing the authorization code via User Agent 
> - links the user request to the authorization code. If AS directly 
> sends the code to the Resource Server the mapping between the user 
> request and the code is broken.
> 
> Thanks & regards,
> -Prabath
> 
>  
> 
> Best Regards
> Brent
> 
> 2013/1/9 Prabath Siriwardena <prabath@wso2.com>:
> > Prabath
> 

> 
> -- 
> Thanks & Regards,
> Prabath
> 
> Mobile : +94 71 809 6732 
> 
> http://blog.facilelogin.com
> http://RampartFAQ.com_______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth