"valid" might not be the best term, but it's meant to be a field where
the server says "yes this token is still good" or "no this token isn't
good anymore". We could instead do this with HTTP codes or something but
I went with a pure JSON response.
-- Justin
On 02/06/2013 10:47 PM, Prabath Siriwardena wrote:
Hi Justin,
I believe this is addressing one of the key missing parts in OAuth 2.0...
One question - I guess this was discussed already...
In the spec - in the introspection response it has the attribute
"valid" - this is basically the validity of the token provided in the
request.
Validation criteria depend on the token as well as token type
(Bearer, MAC..).
In the spec it seems like it's coupled with Bearer token type... But I
guess, by adding "token_type" to the request we can remove this
dependency.
WDYT..?
Thanks & regards,
-Prabath
On Thu, Feb 7, 2013 at 12:54 AM, Justin Richer <jric...@mitre.org> wrote:
Updated introspection draft based on recent comments. Changes include:
- "scope" return parameter now follows RFC6749 format instead of
JSON array
- "subject" -> "sub", and "audience" -> "aud", to be parallel
with JWT claims
- clarified what happens if the authentication is bad
-- Justin
-------- Original Message --------
Subject: New Version Notification for
draft-richer-oauth-introspection-02.txt
Date: Wed, 6 Feb 2013 11:24:20 -0800
From: <internet-dra...@ietf.org>
To: <jric...@mitre.org>
A new version of I-D, draft-richer-oauth-introspection-02.txt
has been successfully submitted by Justin Richer and posted to the
IETF repository.
Filename: draft-richer-oauth-introspection
Revision: 02
Title: OAuth Token Introspection
Creation date: 2013-02-06
WG ID: Individual Submission
Number of pages: 6
URL: http://www.ietf.org/internet-drafts/draft-richer-oauth-introspection-02.txt
Status: http://datatracker.ietf.org/doc/draft-richer-oauth-introspection
Htmlized: http://tools.ietf.org/html/draft-richer-oauth-introspection-02
Diff: http://www.ietf.org/rfcdiff?url2=draft-richer-oauth-introspection-02
Abstract:
This specification defines a method for a client or protected
resource to query an OAuth authorization server to determine meta-
information about an OAuth token.
The IETF Secretariat
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
Thanks & Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
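
Added example, not part of the thread or of the draft: a protected resource's check of an introspection response that uses the fields named above ("valid", "scope" in RFC 6749 format, "sub", "aud") and rejects every malformed case. The function name `authorize`, the sample responses and the treatment of "aud" as a string or list of strings are assumptions made for illustration.

```python
import json

def authorize(body, required_scope, expected_aud):
    """Decide whether an introspection response permits a request.

    Returns (allowed, detail): detail is the "sub" value on success,
    otherwise the reason for rejection. Every malformed case is a rejection.
    """
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False, "response is not JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"

    # Only the JSON literal true counts. The string "false" and the number 1
    # are both truthy in Python, so test identity rather than truthiness.
    if data.get("valid") is not True:
        return False, "token not valid"

    # "scope" is one space-delimited string (RFC 6749 format). Split it so
    # that "read" does not match inside "readwrite"; reject the JSON-array form.
    scope = data.get("scope")
    if not isinstance(scope, str):
        return False, "scope missing or not a string"
    if required_scope not in scope.split():
        return False, "scope not granted"

    # Assumption: "aud" has the JWT shape, a string or a list of strings.
    aud = data.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or expected_aud not in audiences:
        return False, "audience mismatch"

    return True, data.get("sub")

# Constructed sample responses (not taken from the draft).
GOOD = '{"valid": true, "scope": "read write", "sub": "user-17", "aud": "https://rs.example"}'
REVOKED = '{"valid": false}'
STRING_FLAG = '{"valid": "false", "scope": "read", "aud": "https://rs.example"}'
ARRAY_SCOPE = '{"valid": true, "scope": ["read"], "aud": "https://rs.example"}'
NEAR_MISS = '{"valid": true, "scope": "readwrite", "aud": "https://rs.example"}'

if __name__ == "__main__":
    for name, body in [("GOOD", GOOD), ("REVOKED", REVOKED), ("STRING_FLAG", STRING_FLAG),
                       ("ARRAY_SCOPE", ARRAY_SCOPE), ("NEAR_MISS", NEAR_MISS)]:
        print(name, authorize(body, "read", "https://rs.example"))
```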