Hi Guangqing,

Just to build on what Justin and Hannes said, I have use cases that involve sending OAuth access tokens over MANY non-HTTP protocols including SIP, RTSP, SOAP (though you could argue that it is HTTP underneath), and other proprietary protocols. (I also have use cases for the more conventional RESTful API access as well.) The way my clients get the token (as Hannes mentioned) is always done over HTTPS between the client and RS.

-adam

-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, November 14, 2012 9:10 AM
To: dgq2011
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] is OAuth protocol based on HTTP?

Hi Guangqing,

RFC 6749 should have explained this a bit more.

RFC 6749 uses HTTPS to interact with an authorization server to obtain access tokens (among other things). RFC 4749 does, however, not specify what protocol is used to present these access tokens to a resource server. RFC 6750 explains how this is done for resource servers that use HTTP.

There is, however, also ongoing work to provide OAuth support for non-HTTP-based protocols, see http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-08. SASL and the GSS-API are used for integrating OAuth into a range of protocols.

Ciao
Hannes

On Nov 14, 2012, at 9:51 AM, dgq2011 wrote:

> Hi, all!
>
> It is said in RFC 6749 (The OAuth 2.0 Authorization Framework) that
> “this specification is designed for use with HTTP ([RFC2616])” and “The use
> of OAuth over any protocol other than HTTP is out of scope.” Do those
> statements mean that the communication between any two roles in OAuth
> protocol (namely resource owner, resource server, client and authorization
> server) is based on HTTP protocol? I am not familiar with the OAuth protocol
> and just would like to confirm this question. Any response is appreciated!
>
> Best wishes!
> Guangqing Deng
> dgq2011
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth