[OAUTH-WG] Authentication

Frizz <frizzthecat@googlemail.com> Thu, 04 September 2014 09:30 UTC

Date: Thu, 04 Sep 2014 11:30:08 +0200
From: Frizz <frizzthecat@googlemail.com>
To: oauth@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/t8IQbxHdEZyjYSPFK830DH_0G-8
Subject: [OAUTH-WG] Authentication

Hello there,

I have a question regarding Authentication:

Are the following two scenarios typical use cases for OAuth? Or
OpenID Connect? Or something completely different?

Flow (A) would be like this:
(1) Client calls Business Logic Server
(2) Server detects there’s no Access Token in HTTP headers
(3) Server redirects to *some* Authentication Server
(4) Authentication Server challenges Client for Username/Password
(5) Client (now with valid Access Token) is redirected to Business Logic
Server and completes operation

Flow (B) would look like this:
(1) Client directly calls Authentication Server (kinda explicit Login call)
with Username/Password and gets an Access Token in return
(2) Client uses this Access Token for all calls to the Business Logic Server

cheers,
Frizz
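Flow (B) corresponds to what RFC 6749 calls the Resource Owner Password Credentials grant, and in both flows the Business Logic Server plays the role of an OAuth resource server. The following is an added example, not code from this thread: a constructed token endpoint that trades username/password for a bearer token, and a resource server that answers a call without a valid token with a 401 and a WWW-Authenticate header (RFC 6750) rather than the redirect of Flow (A), which fits browser users but not API clients. The user table, token store and function names are assumptions made for the demo.

```python
import hmac
import secrets
import time

# Constructed demo data: a real server stores password hashes, not plaintext,
# and keeps issued tokens in a database or uses self-contained signed tokens.
USERS = {"alice": "correct horse battery staple"}
TOKENS = {}  # access_token -> {"sub": username, "exp": unix time}
TOKEN_LIFETIME = 3600


def token_endpoint(form):
    """Authentication Server, Flow (B) step 1: RFC 6749 sec. 4.3 style
    password grant. Returns (http_status, json_body)."""
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    expected = USERS.get(form.get("username"))
    supplied = form.get("password", "")
    # Constant-time compare; a missing user still takes the same path.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 400, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)  # opaque, unguessable bearer token
    TOKENS[token] = {"sub": form["username"], "exp": time.time() + TOKEN_LIFETIME}
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": TOKEN_LIFETIME}


def business_logic_server(headers):
    """Resource server, Flow (A) step 2 / Flow (B) step 2: checks the
    Authorization header. Returns (http_status, body_or_response_headers)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        # No token: challenge the client (RFC 6750 sec. 3) instead of redirecting.
        return 401, {"WWW-Authenticate": 'Bearer realm="api"'}
    info = TOKENS.get(token)
    if info is None or info["exp"] < time.time():
        return 401, {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token"'}
    return 200, {"user": info["sub"], "result": "operation completed"}


def flow_b(username, password):
    """Client side of Flow (B): explicit login, then call the API with the token."""
    status, body = token_endpoint({"grant_type": "password",
                                   "username": username, "password": password})
    if status != 200:
        return status, body
    return business_logic_server({"Authorization": "Bearer " + body["access_token"]})
```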