Omar As promised, I have reviewed the ID[1] you posted. I'm confused in the Motivation by the references to authentication, as OAuth is about authorization.
Perhaps you can post to the list the use case you are trying to solve for? I can infer aspects, but don't fully understand it. >From what I can understand though, there is software running in a trusted device that would like to get an access token, and an OTP is part of how the device is authenticating to the AS. This seems like a 2 legged OAuth flow as there is no user involved directly, and it seems you have a means for the client to authenticate to the AS using an OTP. Am I guessing correctly? /Dick [1] https://datatracker.ietf.org/doc/draft-hevroni-oauth-seamless-flow/?include_text=1
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth