Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-12 Thread Bill Burke
How the target STS processes the external token is up to the STS. The external token could solely be used as an authentication mechanism. The client must be registered and known by the STS, so it can decide if the client is allowed to exchange an external token, and what target audience or resourc
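The STS-side decision described in this message (is the calling client registered, may it bring a token from this external issuer, and which target audience may it request), as an added example that is not part of the thread, the draft, or Keycloak's implementation. The grant type and parameter names are those of the token-exchange draft; the external token format (an HS256 JWT under a shared key), the issuer and client registries, and the `https://idp.partner.example` / `https://sts.example` URLs are constructed assumptions for the example only.

```python
"""Minimal STS policy check for external token exchange (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Grant type and token type URIs from the token-exchange draft.
GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
TT_JWT = "urn:ietf:params:oauth:token-type:jwt"
TT_ACCESS = "urn:ietf:params:oauth:token-type:access_token"

# Assumption: external tokens are HS256 JWTs from a known issuer; a real STS
# would resolve the issuer's JWKS and verify an asymmetric signature instead.
EXTERNAL_ISSUERS = {"https://idp.partner.example": b"partner-shared-secret"}  # constructed
STS_ISSUER = "https://sts.example"  # constructed
STS_KEY = b"sts-signing-key"  # constructed

# Constructed client registry: the client must be registered, and the registry
# records which external issuers it may exchange from and which audiences it
# may ask for. "batch-job" is registered but may not exchange external tokens.
CLIENTS = {
    "portal-app": {"external_issuers": {"https://idp.partner.example"},
                   "audiences": {"orders-api"}},
    "batch-job": {"external_issuers": set(), "audiences": {"reports-api"}},
}


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def hs256_jwt(claims: dict, key: bytes) -> str:
    """Sign a compact JWT with HS256 (used both for the sample external token
    and for the token the example STS issues)."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"


def verify_external(token: str, now: float):
    """Return the claims if the token is a well-formed, unexpired JWT whose
    signature verifies under a trusted external issuer's key, else None."""
    try:
        h, b, s = token.split(".")
        claims = json.loads(b64u_dec(b))
        sig = b64u_dec(s)
    except ValueError:  # malformed compact serialization, base64 or JSON
        return None
    key = EXTERNAL_ISSUERS.get(claims.get("iss"))
    if key is None:
        return None  # not an issuer this STS trusts at all
    expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig) or claims.get("exp", 0) <= now:
        return None
    return claims


def exchange(params: dict, client_id: str, now: float = None) -> dict:
    """Handle one token-exchange request from an already-authenticated client.
    Returns the token response or an OAuth-style error object."""
    now = time.time() if now is None else now
    client = CLIENTS.get(client_id)
    if client is None:
        return {"error": "invalid_client"}  # client unknown to the STS
    if params.get("grant_type") != GRANT:
        return {"error": "unsupported_grant_type"}
    if params.get("subject_token_type") != TT_JWT:
        return {"error": "invalid_request"}
    claims = verify_external(params.get("subject_token", ""), now)
    if claims is None:
        return {"error": "invalid_grant"}  # bad signature, expired, or untrusted issuer
    # The external token only authenticates the subject; whether THIS client may
    # exchange tokens from THIS issuer is the STS's own policy decision.
    if claims["iss"] not in client["external_issuers"]:
        return {"error": "access_denied"}
    audience = params.get("audience")
    if audience not in client["audiences"]:
        return {"error": "access_denied"}
    issued = hs256_jwt({"iss": STS_ISSUER, "sub": claims.get("sub"), "aud": audience,
                        "client_id": client_id, "iat": now, "exp": now + 300}, STS_KEY)
    return {"access_token": issued, "issued_token_type": TT_ACCESS,
            "token_type": "Bearer", "expires_in": 300}
```

The example deliberately separates the two checks: signature and issuer trust answer "is this a genuine external token", while the client registry answers "is this client permitted to turn it into one of ours, and for which audience". The actor token is omitted, as in the Keycloak implementation the thread discusses.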

Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-11 Thread Brian Campbell
The words implicit vs. explicit might not have been the best choice but the concepts are complicated and subtle and I was (and still am) at a bit of a loss for the right language to describe things. By explicit what I was trying to express is that the token that is going cross-domain is explicitly

Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-08 Thread Bill Burke
On Fri, Dec 8, 2017 at 12:41 PM, Brian Campbell wrote: > I guess I'm going to kind of restate some of what I said in that earlier > thread and a bit more. The access and refresh token URIs from the draft are > intended to indicate that such tokens are issued by the given authorization > server act

Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-08 Thread Mike Jones
Hi Bill, I agree with Brian that an AS to AS token exchange is beyond the scope of this document. I suggest that you send a separate email to start a discussion on this topic and see if there is interest in the WG to take this topic as a

Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-08 Thread Rifaat Shekh-Yusef
Hi Bill, I agree with Brian that an AS to AS token exchange is beyond the scope of this document. I suggest that you send a separate email to start a discussion on this topic and see if there is interest in the WG to take this topic as a new work. Regards, Rifaat (as co-chair and document shephe

Re: [OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-08 Thread Brian Campbell
I guess I'm going to kind of restate some of what I said in that earlier thread and a bit more. The access and refresh token URIs from the draft are intended to indicate that such tokens

[OAUTH-WG] [token-exchange] Parameters to support external token exchange

2017-12-06 Thread Bill Burke
The Keycloak project (oss idp), has implemented [1] the token exchange draft (minus the actor token). There's a couple of extensions we have made to allow external token exchange to work. I'd like to get some consideration for these extensions to be added. With proper configurations, clients are