Hi all, I'm looking forward to the discussion on this on Tuesday!

I wanted to add my thoughts on a potential addition to this draft,
specifically around returning some minimal user information in the
transaction response.

The summary of the suggestion is to return a new "user" key along with the
access token that contains the user ID and userinfo endpoint, such as:

    {
      "access_token": {
        "value": "UM1P9PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0",
        "type": "bearer"
      },
      "user": {
        "id": "5035678642",
        "userinfo": "https://authorization-server.com/user/5035678642"
      }
    }

A more detailed analysis of the specific proposal and motivation behind
this is available on my blog:

https://aaronparecki.com/2019/07/18/17/adding-identity-to-xyz

Thanks!

----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>



On Tue, Jul 9, 2019 at 2:48 PM Justin Richer <jric...@mit.edu> wrote:

> I have requested time to present Transactional Authorization (the XYZ
> project) at the Montreal meeting in a couple weeks. Ahead of that, I’ve
> uploaded a new version of the spec:
>
> https://tools.ietf.org/html/draft-richer-transactional-authz-02
>
> Additionally, I’ve updated the writeup and examples on https://oauth.xyz/
>
> I plan to be in Montreal for the whole week, and I’ve requested from the
> chairs that I present during the Tuesday session due to limited
> availability of some key WG members on Friday.
>
> — Justin
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
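
An added example, not part of either message and not code from the XYZ draft: one way a client could handle the proposed "user" object before presenting its bearer token to the userinfo URL. The same-origin policy, the optional "user" key, the function names and the transaction endpoint URL are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, same shape as the response proposed in the message above.
SAMPLE_RESPONSE = """
{
  "access_token": {"value": "UM1P9PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0", "type": "bearer"},
  "user": {"id": "5035678642",
           "userinfo": "https://authorization-server.com/user/5035678642"}
}
"""

class UserClaimError(ValueError):
    """The transaction response failed a client-side check."""

def _origin(url):
    # (scheme, host, port) with the default HTTPS port filled in.
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or (443 if p.scheme == "https" else None))

def parse_transaction_response(body, as_endpoint):
    """Return (token, user_id, userinfo_url); user fields are None if absent.

    as_endpoint is the AS URL the client sent its transaction request to.
    Assumption of this example: userinfo must share that origin.
    """
    doc = json.loads(body)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if (not isinstance(token, dict) or token.get("type") != "bearer"
            or not isinstance(token.get("value"), str)):
        raise UserClaimError("expected a bearer access_token with a string value")
    user = doc.get("user")
    if user is None:
        return token["value"], None, None
    if not isinstance(user, dict) or not isinstance(user.get("id"), str) or not user["id"]:
        raise UserClaimError("user.id must be a non-empty string")
    userinfo = user.get("userinfo")
    if userinfo is not None:
        if not isinstance(userinfo, str) or urlsplit(userinfo).scheme != "https":
            raise UserClaimError("userinfo must be an https URL")
        if _origin(userinfo) != _origin(as_endpoint):
            # Do not present the bearer token to a host outside the AS origin.
            raise UserClaimError("userinfo is not on the authorization server origin")
    return token["value"], user["id"], userinfo

if __name__ == "__main__":
    print(parse_transaction_response(SAMPLE_RESPONSE,
                                     "https://authorization-server.com/transaction"))
```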