Thanks,
I understand that the spec leaves it ambiguous, I read the long thread on
multiple components single client ID.
I wanted to point out that this will be common despite this. Hopefully maybe to
encourage FB to start an extension to clarify this.
Thanks for your help, I had overlooked using
Adam,
It may be a self-signed SAML assertion.
That is likely the case where someone wanted to use asymmetric keys to
authenticate to the Token Endpoint.
I could see an STS used in some cases.
ECP is a touch unlikely unless someone was super keen.
The client could use a Web SSO profile to get
Hi,
Reading draft-ietf-oauth-saml2-bearer-10, it states:
The process by which the client obtains the SAML Assertion, prior to
exchanging it with the authorization server or using it for client
authentication, is out of scope.
Accepting that it's out of scope from the draft, what are the re
OAuth Core spec doesn't define those cases, so OAuth WG ML isn't the place
to report this issue though.
* how to handle an app which consists of both client-side and server-side
components.
* how to use OAuth for login
I already reported this issue to
* apple
* facebook
* foursquare
* pinterest
* yap
Let me describe the details first.
FB iOS SDK delegates the authorization step to the official FB iOS app via
"fbauth://authorize" custom schema URL.
(If the official app isn't available on the device, it just opens
m.facebook.com authorization page using Safari)
After the end-user approved the cl
Hello,
The draft http://tools.ietf.org/html/draft-ietf-oauth-assertions-01, section
6.1 has the following requirement:
The Authorization Server MUST validate the assertion in order to
establish a mapping between the Issuer and the secret used to generate
the assertion.
I thought that che
I am out of the office until 04/25/2012.
Note: This is an automated response to your message "OAuth Digest, Vol 42,
Issue 2" sent on 4/6/12 3:00:08.
This is the only notification you will receive while this person is away.
How do I deal with this?
https://twitter.com/#!/nov/status/187895781011890176
My assumption is after getting the user to authorize the client via the FB SDK
on the iPhone app, one would send the authorization code (not the access token)
back to the server via HTTPS where it would just get a new
http://tools.ietf.org/html/draft-ietf-oauth-assertions-01
Section 7's second portion about a client including multiple credential
types seems buried down here in the Error Responses section for
something this fundamental. It also conflates discussion of selection of
this client authorizat
Hi all,
this is a Last Call for comments on these three documents:
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-10
http://tools.ietf.org/html/draft-ietf-oauth-assertions-01
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02
Please have your comments in no later than April 23rd
10 matches