Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-07-01 Thread Torsten Lodderstedt
:*Lodderstedt, Torsten [mailto:t.lodderst...@telekom.de] *Sent:* Thursday, June 30, 2011 6:38 AM *To:* Eran Hammer-Lahav; George Fletcher; oauth@ietf.org *Subject:* AW: [OAUTH-WG] Resource Owner Password Credentials question/feedback Issuing a refresh token is more a function of the access grant

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-30 Thread Lodderstedt, Torsten
[mailto:gffle...@aol.com] Gesendet: Dienstag, 28. Juni 2011 17:47 An: oauth@ietf.org Betreff: [OAUTH-WG] Resource Owner Password Credentials question/feedback I'm working on spec'ing out a use of the Resource Owner Password Credentials flow and in trying to map out possible error cases, realized

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-30 Thread Eran Hammer-Lahav
(based on user approval and policy). EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Lodderstedt, Torsten Sent: Thursday, June 30, 2011 1:10 AM To: George Fletcher; oauth@ietf.org Subject: Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback No exactly

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-30 Thread Lodderstedt, Torsten
. Von: George Fletcher [mailto:gffle...@aol.com]mailto:[mailto:gffle...@aol.com] Gesendet: Dienstag, 28. Juni 2011 17:47 An: oauth@ietf.orgmailto:oauth@ietf.org Betreff: [OAUTH-WG] Resource Owner Password Credentials question/feedback I'm working on spec'ing out a use of the Resource Owner Password

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-30 Thread Eran Hammer-Lahav
AM To: Eran Hammer-Lahav; George Fletcher; oauth@ietf.org Subject: AW: [OAUTH-WG] Resource Owner Password Credentials question/feedback Issuing a refresh token is more a function of the access grant duration than anything else. Agreed. How shall the user influence this duration? There is no direct

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-29 Thread Marcus Better
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-06-28 18:05, Brian Campbell wrote: invalid_grant seems like the appropriate error as the username and password are the grant in the context of the Resource Owner Password Credentials flow/grant type. What should the HTTP status code be?

[OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-28 Thread George Fletcher
I'm working on spec'ing out a use of the Resource Owner Password Credentials flow and in trying to map out possible error cases, realized that there is no good error for the case that the resource owner's password credentials are invalid. Section 4.3 of draft 16 references section 5.2 for

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-28 Thread Brian Campbell
invalid_grant seems like the appropriate error as the username and password are the grant in the context of the Resource Owner Password Credentials flow/grant type. On Tue, Jun 28, 2011 at 9:47 AM, George Fletcher gffle...@aol.com wrote: I'm working on spec'ing out a use of the Resource Owner

Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback

2011-06-28 Thread Eran Hammer-Lahav
Yep. Invalid grant is the right error code. EHL -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Tuesday, June 28, 2011 9:05 AM To: George Fletcher Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Resource Owner Password