in the
spec by the definition of two response_types and flows?
On Thu, Mar 15, 2012 at 3:54 PM, Breno de Medeiros br...@google.com wrote:
On Thu, Mar 15, 2012 at 15:43, Eran Hammer e...@hueniverse.com wrote:
I don't know how to better explain myself. Forget about the text you have
issue
with precisely this issue) and possibly lead to
harmful future interpretation.
EH
*From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
Of *Nat Sakimura
*Sent:* Thursday, March 15, 2012 2:04 AM
*To:* Breno de Medeiros; OAuth WG
*Subject:* Re: [OAUTH-WG
the core confusion here which is
what is the right way to handle hybrid clients.
The best way to move forward is to take a minute and ask the group to share
how they handle such cases or how they think they should be handled. Based
on that we can come up with a clear solution.
EH
From: Breno
in the
current document.
Also, you are ignoring my detailed analysis of the current facts. We have
two client types and the issue here is what to do with other, undefined
types.
EH
On 3/15/12 11:54 AM, Breno de Medeiros br...@google.com wrote:
My proposal is to remove any reference
informative discussion.
You can also do other things, like introduce normative language that
makes sense. But I have not yet seen proposed language that would be
acceptable.
EH
On 3/15/12 12:30 PM, Breno de Medeiros br...@google.com wrote:
I am proposing the entire removal of:
A client
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Marius Scurtescu
Sent: Wednesday, March 14, 2012 9:53 AM
To: OAuth WG
Cc: Breno de Medeiros
Subject: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
Hi,
Nat Sakimura started
on client type
identification.
EH
-Original Message-
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Wednesday, March 14, 2012 11:42 AM
To: Eran Hammer; Marius Scurtescu
Cc: Breno de Medeiros; OAuth WG
Subject: RE: [OAUTH-WG] Fw: Breaking change in OAuth 2.0 rev. 23
--
Breno de Medeiros
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
Breno de Medeiros
[mailto:oauth-boun...@ietf.org] *On Behalf
Of *Breno
*Sent:* Wednesday, July 20, 2011 7:52 AM
*To:* Paul Tarjan
*Cc:* OAuth WG
*Subject:* Re: [OAUTH-WG] defining new response types
Comments inline.
On Tue, Jul 12, 2011 at 8:23 PM, Paul Tarjan p...@fb.com wrote:
I
the hex code for +.
Marius
--
--Breno
it is a
useful *convention*.
Do people want to keep it or drop it?
EHL
-Original Message-
From: Breno de Medeiros [mailto:br...@google.com]
Sent: Tuesday, July 12, 2011 10:59 AM
To: Eran Hammer-Lahav
Cc: Marius Scurtescu; OAuth WG
Subject: Re: [OAUTH-WG] defining new response types
.
2. Should the protocol support dynamic composite values with the added
complexity (breaking change)?
That's my preference.
EHL
-Original Message-
From: Breno de Medeiros [mailto:br...@google.com]
Sent: Tuesday, July 12, 2011 11:18 AM
To: Eran Hammer-Lahav
Cc: Marius Scurtescu
-discuss
--
--Breno
--
Breno de Medeiros
--
Breno de Medeiros
On Wed, May 11, 2011 at 3:26 PM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
Through registration and redirect URI validation. A native app does
not have to impersonate, they can just register a user-agent client.
Everything boils down to the user trusting the app. As Breno
On Wed, May 11, 2011 at 7:23 PM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
Hi Breno,
thanks for the feedback. Please find my comments inline.
Now higher level comments:
On Native Apps protection of refresh token:
On section Definitions, there is a sentence
On Fri, Feb 18, 2011 at 7:17 AM, Paul Madsen paul.mad...@gmail.com wrote:
Breno, why are you using 'cookie' in this context?
SAML's 'session management' (I assume you are referring to SLO?)
functionality does not rely on browser cookies, but rather on the
participants sending
of values.
--
Breno de Medeiros
:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
Of *Breno
*Sent:* Thursday, February 17, 2011 10:30 AM
*To:* oauth@ietf.org
*Subject:* [OAUTH-WG] Freedom of assembly for response_type
- Problem 1: Several WG participants are working on deploying a federated
signon protocol
to extend. That’s like the OAuth 1.0 utterly broken oauth_version
parameter and the long confusion it created later on.
EHL
*From:* Breno [mailto:breno.demedei...@gmail.com]
*Sent:* Thursday, February 17, 2011 1:58 PM
*To:* Eran Hammer-Lahav
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH
or in combination with token, it's returned in the
End User Authorization Response, in analogy/in addition to the access_token
- If specified in combination with code, it's returned in exchange for the
code, in analogy with the access_token
EHL
*From:* Breno [mailto:breno.demedei
.
Can you request only a cookie? Or is it always with either a token or code?
The idea is that a grant can be exchanged for only a cookie in some cases.
EHL
*From:* Breno [mailto:breno.demedei...@gmail.com]
*Sent:* Thursday, February 17, 2011 4:50 PM
*To:* Eran Hammer-Lahav
*Cc
an explicit exchange
from a code-type grant.
EHL
*From:* Breno [mailto:breno.demedei...@gmail.com]
*Sent:* Thursday, February 17, 2011 5:10 PM
*To:* Eran Hammer-Lahav
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 4
Thanks for circulating these.
--Breno.
On Tue, Nov 9, 2010 at 21:59, Mike Jones michael.jo...@microsoft.com wrote:
I’ve now finished my series of posts on the JSON token spec work that
occurred at IIW. For reference, they are:
- JSON Token Spec Results at IIW on Tuesday:
http://self
that
resources at http/https are usually identical, then http is a
non-authorized method to access the resource (403).
Thoughts?
--
Breno de Medeiros
in the spec?
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Breno
Sent: Wednesday, October 13, 2010 11:31 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Request sent to http: instead of https:
Suppose server A documents
: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of William Mills
Sent: Wednesday, October 13, 2010 5:05 PM
To: Breno; Jeff Lindsay
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Request sent to http: instead of https:
This rather implies that we're specifying running a full
that many providers now offer only a single, shared
secret is an indication that the key ID is not required.
Are you arguing here that the key_id should be an optional field, or
that it should not be part of the specification at all?
On Jun 25, 2010, at 7:40 AM, Breno wrote:
Key ids
(data)) would be acceptable.
Thanks,
-Naitik
--
Breno de Medeiros
scope.
Well, what about just returning a refresh token with the access token
when the requested set of scopes for the access token is stricter?
Of course, in the user-agent flow there is no refresh token.
EHL
From: Breno [mailto:breno.demedei...@gmail.com]
Sent: Wednesday, June 16, 2010
On Wed, Jun 9, 2010 at 12:06, David Recordon record...@gmail.com wrote:
First draft of the UX Extension is at
http://github.com/daveman692/OAuth-2.0/raw/master/draft-recordon-oauth-v2-ux-00.txt.
Eran, I'm more than happy to have you take over as editor.
I included Allen and Breno as authors