Two little nits about endpoint naming: Section 2 <https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04#section-2> defines "device endpoint", which is used in the document everywhere except the new metadata sections (section 4 <https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04#section-4> and 7.3.1 <https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04#section-7.3.1>) that use the term "device authorization endpoint.", Not a big deal but potentially a little confusing.
The example in section 3.1 <https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04#section-3.1> is supposed to be showing a POST to the device endpoint but the Request-URI in the Request-Line is "/token", which *could* be the device endpoint but is probably just a copy/paste error and source of unneeded confusion. On Mon, Feb 27, 2017 at 11:14 AM, William Denniss <wdenn...@google.com> wrote: > My coauthors and I posted draft 04 of the OAuth 2.0 Device Flow for > Browserless and Input Constrained Devices draft today. > > Key changes: > > 1. Title updated to reflect specificity of devices that use this flow. > 2. User interaction section expanded. > 3. OAuth 2.0 Metadata > <https://tools.ietf.org/html/draft-ietf-oauth-discovery> for the > device authorization endpoint added. > 4. User interaction section expanded. > 5. Security Considerations section added. > 6. Usability Considerations section added. > > Please give it a look! > > On Mon, Feb 27, 2017 at 9:46 AM, <internet-dra...@ietf.org> wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol of the IETF. >> >> Title : OAuth 2.0 Device Flow for Browserless and Input >> Constrained Devices >> Authors : William Denniss >> John Bradley >> Michael B. Jones >> Hannes Tschofenig >> Filename : draft-ietf-oauth-device-flow-04.txt >> Pages : 15 >> Date : 2017-02-27 >> >> Abstract: >> This OAuth 2.0 authorization flow for browserless and input >> constrained devices, often referred to as the device flow, enables >> OAuth clients to request user authorization from devices that have an >> Internet connection, but don't have an easy input method (such as a >> smart TV, media console, picture frame, or printer), or lack a >> suitable browser for a more traditional OAuth flow. This >> authorization flow instructs the user to perform the authorization >> request on a secondary device, such as a smartphone. There is no >> requirement for communication between the constrained device and the >> user's secondary device. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-04 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-device-flow-04 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth