Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-18 Thread Torsten Lodderstedt
Am 16.06.2010 00:35, schrieb Brian Eaton: On Tue, Jun 15, 2010 at 8:54 AM, Torsten Lodderstedt tors...@lodderstedt.net wrote: Wouldn't it be an alternative solution, if the AS first tries to authenticate the user using SPNEGO within the Web Server flow? This should work in the inhouse

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Dick Hardt
+1 On 2010-06-14, at 9:02 PM, Brian Eaton wrote: On Mon, Jun 14, 2010 at 8:31 PM, Andrew Arnott andrewarn...@gmail.com wrote: For an application I'm building, the installed client app will have intermittent windows of time where it can obtain a (non-OAuth) assertion for user identity.

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Andrew Arnott
, 2010 8:32 PM *To:* OAuth WG (oauth@ietf.org) *Subject:* [OAUTH-WG] Assertion flow: please add optional refresh_token in response For an application I'm building, the installed client app will have intermittent windows of time where it can obtain a (non-OAuth) assertion for user identity

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Dick Hardt
Why can the client app access the AS to get an access token but not the corporate network to get a new assertion? How does the client app get the assertion to begin with? How did delegation from the user happen? Would you elaborate more on the use case so that we can understand the full trust

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Dick Hardt
) Subject: [OAUTH-WG] Assertion flow: please add optional refresh_token in response For an application I'm building, the installed client app will have intermittent windows of time where it can obtain a (non-OAuth) assertion for user identity. During this time, it seems appropriate

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Andrew Arnott
Hi Dick, Responses inline. On Tue, Jun 15, 2010 at 7:12 AM, Dick Hardt dick.ha...@gmail.com wrote: Why can the client app access the AS to get an access token but not the corporate network to get a new assertion? The corporate network where the AD lives is behind a firewall, whereas the AS

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Torsten Lodderstedt
Wouldn't it be an alternative solution, if the AS first tries to authenticate the user using SPNEGO within the Web Server flow? This should work in the inhouse scenario. If it fails, it can fall back to username/password auth.. Thoughts? regards, Torsten. Am 15.06.2010 um 17:19 schrieb

Re: [OAUTH-WG] Assertion flow: please add optional refresh_token in response

2010-06-15 Thread Brian Eaton
On Tue, Jun 15, 2010 at 8:54 AM, Torsten Lodderstedt tors...@lodderstedt.net wrote: Wouldn't it be an alternative solution, if the AS first tries to authenticate the user using SPNEGO within the Web Server flow? This should work in the inhouse scenario. If it fails, it can fall back to