[OAUTH-WG] Review of the assertion drafts

2013-05-29 Thread Hannes Tschofenig
Hi assertion document authors, Hi all, I took a look at the assertion framework draft (draft-ietf-oauth-assertions-11) and the SAML assertion profile document (draft-ietf-oauth-saml2-bearer-16.txt). In general, I have to say that they are movin

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Todd W Lainhart
> The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app? I asked, because I wondered if the client credentials flow or the auth code flow was the more appropriate flow. It sounds like you want to identify both the client

Re: [OAUTH-WG] JWT: add "iss" and "aud" to Reserved Header Parameter Names in JWE

2013-05-29 Thread Dick Hardt
Yes, there could be privacy issues, and we can describe that as a consideration in the specification. It is not an issue in my use case. On Wed, May 29, 2013 at 8:23 AM, Anthony Nadalin wrote: > So there could be privacy issues on why I would not want the ISS or AUD > outside the encrypted payl

Re: [OAUTH-WG] JWT: add "iss" and "aud" to Reserved Header Parameter Names in JWE

2013-05-29 Thread Anthony Nadalin
So there could be privacy issues on why I would not want the ISS or AUD outside the encrypted payload From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Dick Hardt Sent: Tuesday, May 28, 2013 9:34 AM To: O Auth WG Subject: Re: [OAUTH-WG] JWT: add "iss" and "aud" to Reserve

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Justin Richer
Yes, it's the app that is granted a token on behalf of the user. This is a very classic OAuth pattern. -- Justin On 05/29/2013 10:20 AM, Vincent Tsang wrote: The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app? Thank

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Vincent Tsang
The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app? Thanks. Vincent On Wednesday, May 29, 2013, Todd W Lainhart wrote: > On behalf of what will the access token be granted - the app (e.g. Word), > or the user running the

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Justin Richer
The device flow is really made for cases where the client software can't open a full browser at all, like a limited set top box or embedded device. Since you can access a browser, you can very easily do an authorization code flow with a native app. The only "trick" is getting the code back to t

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Lewis Adam-CAL022
Hi Vincent … it sounds to me like you should be looking at the code flow. It is optimized for the use case you describe (or at least as I understand it). A native application which uses an installed web browser to interact with the AS and obtain a token for your client. Using this flow, your

Re: [OAUTH-WG] Device profile usage

2013-05-29 Thread Todd W Lainhart
On behalf of what will the access token be granted - the app (e.g. Word), or the user running the app? Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainh...@us.ibm.com From: Vincent Tsang To: Nat Sakimura