Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Bill Burke
On 6/12/17 12:20 PM, David Waite wrote: FYI, A few years ago I did a demonstration on OpenID Connect at Cloud Identity Summit using a collection of bash scripts and command-line utilities (nc, jq). I used the macOS system command ‘open’ to launch a browser, and netcat to field the response as

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Dick Hardt
+1 to the device flow if you can't pop open a system browser. If you can pop open a system browser, then a more standard flow is a better CX. On Mon, Jun 12, 2017 at 11:34 AM, Phil Hunt wrote: > +1 > > The point of OAuth is to break away from using UID/Password (basic auth). > > > The device f

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Phil Hunt
+1 The point of OAuth is to break away from using UID/Password (basic auth). The device flow is the best way to allow stronger authentication of the authorizing user while still allowing a limited input device (e.g. command line) to work. Phil Oracle Corporation, Identity Cloud Services

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Justin Richer
I second the recommendation to use the device flow for this kind of system. The commandline client would print out a text string for the user to enter into their browser elsewhere. If you can pop up a system browser then it's even easier and you can just use the auth code flow, but it's a lot

[OAUTH-WG] Potential uses of PoP keys in CBOR Web Tokens (CWTs)

2017-06-12 Thread Hannes Tschofenig
Hi all, RFC 7800 defines how to communicate Proof of Possession (PoP) keys for JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT) draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of the JSON/JOSE JWT spec. The ACE working group is planning to also define a CBOR/COSE eq

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread David Waite
FYI, A few years ago I did a demonstration on OpenID Connect at Cloud Identity Summit using a collection of bash scripts and command-line utilities (nc, jq). I used the macOS system command ‘open’ to launch a browser, and netcat to field the response as a poor man’s HTTP endpoint. The code for

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Hollenbeck, Scott
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Bill Burke Sent: Monday, June 12, 2017 9:23 AM To: Aaron Parecki Cc: OAuth WG Subject: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients I've read about these techniques, but it's just not a good user experience. I'm thinking m

Re: [OAUTH-WG] oauth with command line clients

2017-06-12 Thread Bill Burke
I've read about these techniques, but it's just not a good user experience. I'm thinking more of something where the command line console is the sole user agent and the auth server drives a plain text based interaction much like an HTTP Server drives interaction with HTML and the browser. Th

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-01.txt

2017-06-12 Thread Brian Campbell
Thanks Takahiko, mentioning it on the list is enough. I've fixed it in the editors' draft https://github.com/ietf-oauth-mtls/i-d/commit/c6725e30dd1dc2f77aa293bce7fd1849713ed406 On Mon, Jun 12, 2017 at 5:33 AM, Takahiko Kawasaki wrote: > Hello, > > I'm sorry for this FAQ but where can I make comm

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-01.txt

2017-06-12 Thread Takahiko Kawasaki
Hello, I'm sorry for this FAQ but where can I make comments for the draft of "Mutual TLS Profiles for OAuth Clients"? I found a trivial editorial issue in the last paragraph in "3. Mutual TLS Sender Constrained Resources Access". The second 'that' in "... verify that the that certificate matches