- Problem 1: Several WG participants are working on deploying a federated
signon protocol based on OAuth2 (aka OpenIDConnect) and would like to return
an additional 'session cookie' together with the auth_token. Or sometimes
return only a cookie as the result of authorization, since cookies will
li
@ietf.org
Subject: [OAUTH-WG] Freedom of assembly for response_type
- Problem 1: Several WG participants are working on deploying a federated
signon protocol based on OAuth2 (aka OpenIDConnect) and would like to return an
additional 'session cookie' together with the auth_token. Or someti
is neither code nor token.
>
>
> EHL
>
>
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Breno
> *Sent:* Thursday, February 17, 2011 10:30 AM
> *To:* oauth@ietf.org
> *Subject:* [OAUTH-WG] Freedom of assembly for response_type
>
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 1:51 PM, Eran Hammer-Lahav
mailto:e...@hueniverse.com>> wrote:
The best approach (at this point) is to leave the spec unchanged. However,
another spec can update the definition of the response_type par
he response_type is neither code nor token.
EHL
From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org>
[mailto:oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org>] On Behalf Of
Breno
Sent: Thursday, February 17, 2011 10:30 AM
To: oauth@ietf.org<mailto:oauth@ietf.org>
Sub
l.com]
> *Sent:* Thursday, February 17, 2011 1:58 PM
> *To:* Eran Hammer-Lahav
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Freedom of assembly for response_type
>
>
>
>
>
> On Thu, Feb 17, 2011 at 1:51 PM, Eran Hammer-Lahav
> wrote:
>
> The best approach (
rom: Breno [mailto:breno.demedei...@gmail.com]
Sent: Thursday, February 17, 2011 4:22 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
The use case is very straightforward:
- SAML provides session management. Facebook Connect provides session
management
s_token
>
>
> EHL
>
>
>
> *From:* Breno [mailto:breno.demedei...@gmail.com]
> *Sent:* Thursday, February 17, 2011 4:22 PM
>
> *To:* Eran Hammer-Lahav
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Freedom of assembly for response_type
>
>
>
> The
17, 2011 4:50 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 4:40 PM, Eran Hammer-Lahav
mailto:e...@hueniverse.com>> wrote:
I am not questioning the use case, only how it fits within the OAuth framework.
I
bruary 17, 2011 4:50 PM
>
> *To:* Eran Hammer-Lahav
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Freedom of assembly for response_type
>
>
>
>
>
> On Thu, Feb 17, 2011 at 4:40 PM, Eran Hammer-Lahav
> wrote:
>
> I am not questioning the use case, on
So an implicit grant can produce just a cookie or both cookie and token, but
not code?
EHL
From: Breno [mailto:breno.demedei...@gmail.com]
Sent: Thursday, February 17, 2011 5:10 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu
explicit exchange
from a code-type grant.
>
>
> EHL
>
>
>
>
>
> *From:* Breno [mailto:breno.demedei...@gmail.com]
> *Sent:* Thursday, February 17, 2011 5:10 PM
>
> *To:* Eran Hammer-Lahav
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Freedom of assembly
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 7:31 PM, Eran Hammer-Lahav
mailto:e...@hueniverse.com>> wrote:
So an implicit grant can produce just a cookie or both cookie and token, but
not code?
Yes, cookies would be returned
o. The grant carries the information.
>
>
> EHL
>
>
>
> *From:* Breno [mailto:breno.demedei...@gmail.com]
> *Sent:* Thursday, February 17, 2011 9:30 PM
>
> *To:* Eran Hammer-Lahav
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Freedom of assembly for res
You mean this is encoded into the authorization code?
EHL
From: Breno [mailto:breno.demedei...@gmail.com]
Sent: Thursday, February 17, 2011 10:07 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 9:52 PM, Eran
Can you send an example wire interaction?
EHL
From: Breno [mailto:breno.demedei...@gmail.com]
Sent: Thursday, February 17, 2011 10:07 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Freedom of assembly for response_type
On Thu, Feb 17, 2011 at 9:52 PM, Eran Hammer-Lahav
fusion it created later on.
EHL
*From:*Breno [mailto:breno.demedei...@gmail.com
<mailto:breno.demedei...@gmail.com>]
*Sent:* Thursday, February 17, 2011 1:58 PM
*To:* Eran Hammer-Lahav
*Cc:* oauth@ietf.org <mailto:oauth@ietf.org>
*Subject:* Re: [OAUTH-WG] F
ot
>> just making something extensible without understanding what it is you are
>> trying to extend. That’s like the OAuth 1.0 utterly broken oauth_version
>> parameter and the long confusion it created later on.
>>
>>
>>
>> EHL
>>
>>
>>
>&g
Response ''
On Thu, Feb 17, 2011 at 10:48 PM, Eran Hammer-Lahav wrote:
> Can you send an example wire interaction?
>
>
>
> EHL
>
>
>
> *From:* Breno [mailto:breno.demedei...@gmail.com]
> *Sent:* Thursday, February 17, 2011 10:07 PM
>
> *To:* Eran Hammer-
19 matches
Mail list logo