Darren,
I have got some questions regarding your posting, esp. the assertion.
1) cliqset.com would like to request an access token from google.com.
Sends a request with grant_type=assertion.
Request:
POST /token HTTP/1.1
Host: google.com
Content-Type: application/x-www-form-urlencoded
grant_type=assertion&assertion_type=http://webfinger.org/&
assertion=eyJ1cmkiOiAiYWNjdDpkYm91bmRzQGNsaXFzZXQuY29tIiwibWFnaWNfc2lnbmF0dXJlIjogImFzZGxra2xhZnNkamtsZHNmamxraj0ifQ==
The assertion value in the request is a Base64 encoded JSON string
with two properties, uri and magic_signature. Example:
{
"uri": "acct:dbou...@cliqset.com",
"magic_signature": "asdlkklafsdjkldsfjlkj="
}
What is the meaning of the assertion? Does the uri represent an end-user
or the client?
How does the assertion represent an authorization, given that you try to
make end-user authorization via browser redirect an optional step.
regards,
Torsten,
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth