[OAUTH-WG] Username and Password Flow and oauth_client_secret

Tosh Meston <tosh.meston@gmail.com> Wed, 28 April 2010 20:26 UTC

Hi everyone,
I see that in the draft specification, under the username and password flow,
the oauth_client_secret is not listed in the required or optional request
parameters, but is included in the example request.  Is it correct to assume
it should be listed in the required parameters?

POST /access_token HTTP/1.1
Host: server.example.com

oauth_client_identifier=s6BhdRkqt3&oauth_client_secret=8eSEIpnqmM&oauth_username=daveman692&oauth_password=1password

http://www.ietf.org/mail-archive/web/oauth/current/msg01396.html#anchor9

Thanks,
Tosh