One more issue:, section 3 states:
"...the authorization server
issues an access token response as described in Section 4.2 of
[I-D.ietf.oauth-v2]. The new access token SHOULD have the same
expiration and scope as the OAuth 1.0 token which the client is
upgrading."
First, only access tokens are
Hi David,
A few suggestions for this extension. I am assuming that you will
update it soon to conform to draft 11 of the core protocol.
1. Instead of passing an assertion why not treat it as another grant
type and pass all parameters as POST parameters. For example:
POST /token HTTP/1.1
Host: s
Sent: Monday, August 30, 2010 5:47 AM
> > To: David Recordon
> > Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
> > Subject: Re: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
> >
> > On Fri, 2010-08-27 at
fenig, Hannes (NSN - FI/Espoo); OAuth WG
> Subject: Re: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
>
> On Fri, 2010-08-27 at 20:26 +, David Recordon wrote:
> > This draft is now an Internet Draft and I'm curious if anyone has any
> > feedback on it?
> > http:
Sent: Monday, August 30, 2010 5:47 AM
> To: David Recordon
> Cc: Tschofenig, Hannes (NSN - FI/Espoo); OAuth WG
> Subject: Re: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
>
> On Fri, 2010-08-27 at 20:26 +, David Recordon wrote:
> > This draft is now an Internet Draft and I&#x
: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
On Fri, 2010-08-27 at 20:26 +, David Recordon wrote:
> This draft is now an Internet Draft and I'm curious if anyone has any
> feedback on it?
> http://tools.ietf.org/html/draft-recordon-oauth-v2-upgrade-00
>
repla
I'm more in favor of this alternative:
[1] http://www.ietf.org/mail-archive/web/oauth/current/msg02300.html
But I can see use cases for both: they basically look at the same
problem from both sides. If Marius would like to bring his draft up to
current spec, I would support its inclusion as a WG
On Fri, 2010-08-27 at 20:26 +, David Recordon wrote:
> This draft is now an Internet Draft and I'm curious if anyone has any
> feedback on
> it? http://tools.ietf.org/html/draft-recordon-oauth-v2-upgrade-00
>
replace
[[[
client_id
REQUIRED. The client identifier as described in Sectio
lto:oauth-boun...@ietf.org] On Behalf Of David
Recordon
Sent: Saturday, 28 August 2010 6:26 AM
To: OAuth WG
Cc: Tschofenig, Hannes (NSN - FI/Espoo)
Subject: Re: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
This draft is now an Internet Draft and I'm curious if anyone has any feedback
on it? ht
+1 on making this a WG item.
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David
Recordon
Sent: Friday, August 27, 2010 1:26 PM
To: OAuth WG
Cc: Tschofenig, Hannes (NSN - FI/Espoo)
Subject: Re: [OAUTH-WG] OAuth 2.0 Token Upgrade Extension
This draft is now an
This draft is now an Internet Draft and I'm curious if anyone has any
feedback on it?
http://tools.ietf.org/html/draft-recordon-oauth-v2-upgrade-00
I'd also like to request that this draft moves to become a Working Group
item. I'm am happy to act as the editor unless someone else wishes to do so
m
The ability to upgrade OAuth 1.0 tokens and secrets to OAuth 2.0 access
tokens has come up on the list a few times. Attached is a draft assertion
format which allows a client to trade an OAuth 1.0 token/secret pair for an
OAuth 2.0 access token. The assertion format is a JSON object with values
for
12 matches
Mail list logo
