Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-15 Thread Tobias Looker
it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ____ From: Dick Hardt Sent: 16 December 2022 09:52 To: Tobias Looker Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth2 Client Discovery

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-15 Thread Tobias Looker
he purposes of the Electronic Transactions Act 2002. ____ From: OAuth on behalf of Vladimir Dzhuvinov Sent: 16 December 2022 00:01 To: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth2 Client Discovery EXTERNAL EMAIL: This email originated outside of our organisation.

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-15 Thread Dick Hardt
On Thu, Dec 15, 2022 at 12:39 PM Tobias Looker wrote: > > Would be good to see tos_uri and policy_uri (personally, I'm > disappointed in the name policy_uri as policy is a much broader context > than privacy -- but that discussion is over =) > > Ok so to be clear you are suggesting we update the

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-15 Thread Vladimir Dzhuvinov
Hi Tobias, OAuth 2.0 and OIDC originally have a model where the client metadata is made to match the server's requirements and supported algorithms. This looks roughly like this: * The server has its metadata published at the well-known URL. * The client developer examines the server met

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Dick Hardt
Steve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0> &g

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Dmitry Telegin
AwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0> > > > This communication, including any attachments, is confidential. If you are > not the intended recipient, you should not read it - please contact

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Tobias Looker
t - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. __

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Sam Goto
2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0> >>> >>> >>> This communication, including

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Dick Hardt
t; This communication, including any attachments, is confidential. If you >> are not the intended recipient, you should not read it - please contact me >> immediately, destroy it, and do not copy or use any part of this >> communication or disclose anything about it. Thank you. Ple

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-14 Thread Dmitry Telegin
destroy it, and do not copy or use any part of this > communication or disclose anything about it. Thank you. Please note that > this communication does not designate an information system for the > purposes of the Electronic Transactions Act 2002. > > -- > *From:* Dmitry T

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Tobias Looker
close anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ________________ From: Aaron Parecki Sent: 14 December 2022 16:07 To: oauth@ietf.org Cc: Tobias Looker ; Ben Schwartz ;

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Aaron Parecki
17%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Tobias Looker
his communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ____ From: Dmitry Telegin Sent: 14 December 2022 06:30 To: Tobias Looker Cc: Ben Schwartz ; oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth2 Client Discov

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-12-13 Thread Dmitry Telegin
NayYUtXpRcImV4slS1mw%3D&reserved=0> > > > This communication, including any attachments, is confidential. If you are > not the intended recipient, you should not read it - please contact me > immediately, destroy it, and do not copy or use any part of this > communication or

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-11-09 Thread Tobias Looker
his communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. From: Ben Schwartz Sent: 10 November 2022 07:04 To: Tobias Looker Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth2 Client Discover

Re: [OAUTH-WG] OAuth2 Client Discovery

2022-11-09 Thread Ben Schwartz
Thanks for this draft! I'm new to the OAuth group but I definitely would like to see a solution for this problem, and this seems like a good approach. I'm having trouble understanding the precise URL structures that are used here. Can client_uri include a nontrivial path? Why is it necessary to

[OAUTH-WG] OAuth2 Client Discovery

2022-11-08 Thread Tobias Looker
Hi All, I would like to draw attention to a new I-D we've recently updated called "OAuth2 Client Discovery". https://datatracker.ietf.org/doc/draft-looker-oauth-client-discovery/01/ Below is the drafts current abstract for context: "This specification defines a mechanism for an authorization s