[OAUTH-WG] OAuth WG Interim Meetings Schedule - March/April 2021

2021-03-12 Thread Rifaat Shekh-Yusef
All, Here is the updated list of our upcoming interim meetings: *March 15* *DPoP* – Brian https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ *March 22* *OAuth 2.1* – Dick/Aaron https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/ *March 29* *Client Intermediary Metadata* – Aaron https:/

[OAUTH-WG] Fwd: Webex meeting changed: OAuth WG Interims

2021-03-12 Thread Rifaat Shekh-Yusef
Forwarding the meeting invitation because we added one more session on April 26. -- Forwarded message - From: Web Authorization Protocol Working Group Date: Fri, Mar 12, 2021 at 9:07 AM Subject: Webex meeting changed: OAuth WG Interims To: You changed the Webex meeting info

[OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Tatsuya Karino
Hi all, I'm looking for the specification to generate a new Access Token with authentication session in a Single Page Application with good User Experience. There is a draft, OAuth 2.0 Web Message Response Mode . And it's called silent auth

[OAUTH-WG] Authorization handover from mobile app to website

2021-03-12 Thread SOMMER, DOMINIK
Hi all, we have recently launched a mobile app that uses our website’s login and authorization code flow to authenticate and authorize user access (following RFC8252). However, not all of our website features are natively ported to the app itself. Some are only available on the website in logg

Re: [OAUTH-WG] Authorization handover from mobile app to website

2021-03-12 Thread George Fletcher
I can't find a record of sending this to the list, but I wrote this ID back in 2013 and we've implemented it. At the time I did vet it with a few people. Hopefully it might be helpful :) Thanks, George On 3/12/21 1:18 PM, SOMMER, DOMINIK wrote: Hi all, we have recently launched a mobile app

Re: [OAUTH-WG] Authorization handover from mobile app to website

2021-03-12 Thread Nov Matake
You can make your app an OIDC self-issued IdP for your website. One of my clients are using the mechanism for Native App SSO, where an OIDC self-issued IdP embedded in the Native App is acting as IdP for the backend IdP server. Unfortunately I have no english document now, but this slide descri

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Nov Matake
Your mechanism seems work fine. However, do you need OAuth in such situation? Same-site cookie seems much simpler there. iPadから送信 > 2021/03/13 0:45、Tatsuya Karino のメール: > >  > Hi all, > > I'm looking for the specification to generate a new Access Token with > authentication session in a Sin

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Tatsuya Karino
> However, do you need OAuth in such situation? > Same-site cookie seems much simpler there. yeah, right. For a 1st party application, we don't need to use the delegation of privilege. Using Same-site cookies is simple. But I also think if the company provide their APIs to 3rd party application