IETF Logo Mail Archive

Re: [OAUTH-WG] JWT binding for OAuth 2.0

Prabath Siriwardena <prabath@wso2.com> Tue, 14 April 2015 21:48 UTC

Return-Path: <prabath@wso2.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE1641A1EF6 for <oauth@ietfa.amsl.com>; Tue, 14 Apr 2015 14:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.368
X-Spam-Level:
X-Spam-Status: No, score=-1.368 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvk4Hv8skytP for <oauth@ietfa.amsl.com>; Tue, 14 Apr 2015 14:48:37 -0700 (PDT)
Received: from mail-vn0-x231.google.com (mail-vn0-x231.google.com [IPv6:2607:f8b0:400c:c0f::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E5841A1BC6 for <oauth@ietf.org>; Tue, 14 Apr 2015 14:48:37 -0700 (PDT)
Received: by vnbg129 with SMTP id g129so8736689vnb.4 for <oauth@ietf.org>; Tue, 14 Apr 2015 14:48:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wso2.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Mld1fW51JZiBVCK7P3E4gXkBUixVcEsGqh7ip5+Sqek=; b=UCvFIFd4mzf80iCxUlazrDnUzesqHDgksS/L0tHH2ebeCeCaoRMo0E1lBeHXOtYSNl YLE0EzwMnzrqh7OuyBaiOPFHh869wbJPM2a4LSQquFRATbYmH79TrtLD5pOlFdcwsPGO 1Kceys+5IZu7bHL1l98R1cv1wmvafoyRD0Pzw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Mld1fW51JZiBVCK7P3E4gXkBUixVcEsGqh7ip5+Sqek=; b=HY/UFPACICgvTttsDVwbe/LzOlZ+tr5DWj3n6VrLq8iAy2lMokZNChe5MB+fGbYQYT Sx1WsGxdt55Jn10p7HtSoJvQmeKEVSGLms1HXPQN19nz+7Y9JZqIPCem4M6n4JjDt1pN eHDqV2RDaS+nQWG81mVtmEQWA43M0TFZMWuZSy3BHBHhaxXSWoDINcgkls5Ad3RminA8 Fiz1qT+6MbNQ8wFLLp2Ut9tRamztz6T3v8NF/75ZAnE25D2TVy+aAPhVgEm1mCYgr0di vYSs7xzVM8ZM90kRRKda7CsvO/XsCCID/44xNx6yy9Wt0m8MaV/uAgRpaagzomFgnz9e AFug==
X-Gm-Message-State: ALoCoQmnyQ/IvXAF+DnjglH1lFrW4KXBzZgN77qpaiLc/QJx9Iw9gLpD81883omWzJFgMmWh7rnC
MIME-Version: 1.0
X-Received: by 10.60.220.137 with SMTP id pw9mr18295674oec.47.1429048116399; Tue, 14 Apr 2015 14:48:36 -0700 (PDT)
Received: by 10.202.72.198 with HTTP; Tue, 14 Apr 2015 14:48:36 -0700 (PDT)
In-Reply-To: <A0FFB94C-1EDB-41B9-B1E2-6943B078145F@ve7jtb.com>
References: <CAJV9qO-PsiNOdfBAf9k0VJ7+eGkE_g_gbygdCbGMv2UT56Ld=g@mail.gmail.com> <A0FFB94C-1EDB-41B9-B1E2-6943B078145F@ve7jtb.com>
Date: Tue, 14 Apr 2015 14:48:36 -0700
Message-ID: <CAJV9qO8KJk07Hs7X0tE2UKxeQNA3XaQO2uOF5xfVz0eDd8RgrA@mail.gmail.com>
From: Prabath Siriwardena <prabath@wso2.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="001a11347f905863ce0513b6313b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/wHTFxseykOsLW_POKYgAcN3p_Qk>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] JWT binding for OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2015 21:48:39 -0000

Thanks John for the pointer - will have look..

I am looking this for a pub/sub scenario..  Having JWT binding would
benefit that..

Also - why I want access token to be inside a JWT is - when we send a JSON
payload in this case, we already have the JWT envelope and the access token
needs to be carried inside..

Thanks & regards,
-Prabath





On Tue, Apr 14, 2015 at 2:41 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> There is a OAuth binding to SASL
> https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19
>
> Google supports it for IMAP/SMTP,  I think the latest iOS and OSX mail
> client updates use it rather than passwords for Google.
> I also noticed Outlook on Android using it.
>
> The access token might be a signed or encrypted JWT itself.  I don’t know
> that wrapping it again necessarily helps.
>
> Yes we should have bindings to other non http protocols.
>
> Is there something specific that you are looking for that is not covered
> by SASL?
>
> John B.
>
>
>
> On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <prabath@wso2.com> wrote:
>
> At the moment we only HTTP binding to transport the access token (please
> correct me if not)..
>
> This creates a dependency on the transport.
>
> How about creating a JWT binding for OAuth 2.0..? We can transport the
> access token as an encrypted JWT header parameter..?
>
>
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>  _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>


-- 
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org

v2.23.0 | Report a Bug | By Email