Re: [OAUTH-WG] Draft -12 feedback deadline

Brian Campbell <bcampbell@pingidentity.com> Wed, 16 February 2011 20:07 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 16 Feb 2011 13:07:24 -0700
To: Marius Scurtescu <mscurtescu@google.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Draft -12 feedback deadline

Exactly, Marius, and in most cases the app will want to procure a
refresh token as a result of the dance so it won't have to put the
user through the authorization process again and again.  Unless I'm
mistaken, the implicit grant provides no means of obtaining a refresh
token (http://tools.ietf.org/html/draft-ietf-oauth-v2-13#section-4.2.2).
So unless the access tokens themselves are extremely long lived, the
implicit grant flow doesn't seem very useful to native clients.

I've heard a number of people suggest the native client -> implicit
grant thing but it doesn't make sense to me.  Is there something I'm
not seeing?

On Wed, Feb 16, 2011 at 12:14 PM, Marius Scurtescu
<mscurtescu@google.com> wrote:
> On Wed, Feb 16, 2011 at 11:06 AM, William Mills <wmills@yahoo-inc.com> wrote:
>> Token endpoint with username/password credential doesn't solve this?  Depends on the auth scheme of course, but Bearer should provide a solution?
>
> Not at all, in most cases native apps must use the browser based 3-legged dance.
>
> Marius
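An added illustration (not part of the thread) of the situation Brian describes: a native client parses the redirect it gets back from the browser for both grants, checks the `state` binding, and works out what it has to do once the access token expires. The `myapp://` redirect scheme, the token strings and the token endpoint response are constructed placeholders.

```python
import json
from urllib.parse import urlsplit, parse_qs

def parse_redirect(redirect_uri, expected_state):
    """Parse the redirection URI a native client receives back from the browser.
    Implicit grant responses carry their parameters in the URI fragment;
    authorization code responses carry the code in the query component.
    The state value is checked first so a response from another session
    cannot be spliced into this one."""
    parts = urlsplit(redirect_uri)
    grant = "implicit" if parts.fragment else "authorization_code"
    raw = parts.fragment if parts.fragment else parts.query
    params = {k: v[0] for k, v in parse_qs(raw).items()}
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response not bound to this request")
    return grant, params

def tokens_from_implicit(params, now):
    """Implicit grant: an access token with a lifetime, and never a refresh token."""
    return {"access_token": params["access_token"],
            "expires_at": now + int(params.get("expires_in", 0)),
            "refresh_token": None}

def tokens_from_token_response(body, now):
    """Authorization code grant: the token endpoint response may carry a refresh token."""
    resp = json.loads(body)
    return {"access_token": resp["access_token"],
            "expires_at": now + int(resp.get("expires_in", 0)),
            "refresh_token": resp.get("refresh_token")}

def next_step(tokens, now):
    """What the client must do to keep calling the resource server."""
    if now < tokens["expires_at"]:
        return "use_access_token"
    if tokens["refresh_token"]:
        return "refresh_silently"        # token endpoint only, no user interaction
    return "reauthorize_in_browser"      # the whole dance again, user included

# Constructed sample responses (placeholders, not real tokens)
IMPLICIT_REDIRECT = "myapp://cb#access_token=AT-EXAMPLE&token_type=bearer&expires_in=3600&state=xyz"
CODE_REDIRECT = "myapp://cb?code=CODE-EXAMPLE&state=xyz"
TOKEN_RESPONSE = ('{"access_token":"AT-EXAMPLE","token_type":"bearer",'
                  '"expires_in":3600,"refresh_token":"RT-EXAMPLE"}')
```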