Hannes,
what about discovery?
"Recommendations of commonly used Scope values" sounds too weak from my
point of view. I would rather suggest to work towards a clear definition
of scope syntax and semantics, including resource server identification.
Please note, I submitted an I-D on token revo
I'd like to see us finish Core before considering re-chartering. :)
But to your original question. I'm interested in the UX extension (said I'd
edit), device flow (said I'd edit), and the OpenID Connect work which
encompasses dynamic registration and likely artifact binding (also editing
but outsi
I forgot an item already, namely 'identity management using OAuth' in
the style of OpenID Connect.
At IIW we also had a chat about an implementers guide and
interoperability tests. The idea of the implementers guide is to create a
living document that captures implementation experience with diffe
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAuth. Given the progress on the main specification we should
discuss WG re-chartering.
The following items had been proposed at the meeting:
* Messaging Signing
Example: http://www.ietf.org/mail-archive/web
Hi Brian,
yes, you are right. I just went over that condition.
On the other hand, this implies to me that access token revocation is
not possible in a constellation as described before.
Regards,
Stefanie
On 10.09.2010 00:38, Brian Campbell wrote:
Isn't that kind of situation exactly the
Sorry.
7. Evil user takes the code and gives it back to the client by constructing the
original correct redirection URI.
8. Client exchanges the code for access token, attaching it to the evil user's
account.
9. Evil user can now access victim user data on his client account.
This is basically
Doesn't step 7 require the evil user to know the client's secret?
On 10.09.2010 17:06, Eran Hammer-Lahav wrote:
1. Evil user starts the OAuth flow on the client using the web-server flow.
2. Client redirects the evil user to the authorization server, including state
information about the evi