On Wed, Sep 18, 2019 at 4:24 PM Dick Hardt wrote:
>
> What happens if the access token is lost or compromised? Does the app need to
> be completely re-registered?
Yes. Re-registration breaks many things though, so it's often not an
option. In these cases, the client is pretty much stuck with
@ietf.org; Mark Dobrinic
Subject: [OAUTH-WG] Question regarding RFC 7592
On Fri, Sep 13, 2019 at 3:18 PM Travis Spencer
mailto:travis.spen...@curity.io>> wrote:
Ya, this part is confusing. I didn't get it at first either.
Seems I'm still a bit confused ;-)
this metadata isn't defined in RF
se then the client would need to
>>> make yet another round trip, and we’d have to invent a whole new grant type
>>> with a new temporary credential when we could just use that temporary
>>> credential directly instead.
>>>
>>> — Justin
>>>
>>> O
On Fri, Sep 13, 2019 at 3:18 PM Travis Spencer
wrote:
> Ya, this part is confusing. I didn't get it at first either.
>
Seems I'm still a bit confused ;-)
this metadata isn't defined in RFC 7591 but discussed in section 1.3; that
> spec leaves the metadata out of scope. It is, however, profiled
l be used for accessing the RFC7592 entry-points. Am I right?
Best regards
Hervé
From: Travis Spencer [mailto:travis.spen...@curity.io]
Sent: Fri. 13 13:30
To: Robache Hervé
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding RFC 7592
No. The init
we could just use that temporary credential
>>> directly instead.
>>>
>>> — Justin
>>>
>>>> On Sep 13, 2019, at 8:23 AM, Robache Hervé wrote:
>>>>
>>>> Thanks Travis
>>>>
>>>> I understand
RFC7591 initial registration, it is then able to ask for an access token
>> that will be used for accessing the RFC7592 entry-points. Am I right?
>>
>> Best regards
>>
>> Hervé
>>
>> *From:* Travis Spencer [mailto:travis.spen...@curity.io
>> ]
>> *
or an access token that
will be used for accessing the RFC7592 entry-points. Am I right?
Best regards
Hervé
From: Travis Spencer [mailto:travis.spen...@curity.io]
Sent: Fri. 13 13:30
To: Robache Hervé
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding RFC 7592
No.
the RFC7592 entry-points. Am I right?
>
> Best regards
>
> Hervé
>
> *From:* Travis Spencer [mailto:travis.spen...@curity.io
> ]
> *Sent:* Fri. 13 13:30
> *To:* Robache Hervé
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Question regarding RFC 7592
>
> No. T
Sent:* Fri. 13 13:30
> *To:* Robache Hervé
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Question regarding RFC 7592
>
>
>
> No. The initial access token is issued by the AS when registration is
> protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the
No. The initial access token is issued by the AS when registration is
protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the method
and means by which this is obtained can vary. The registration access token
in RFC 7592 is used to protect the registration management API and allow
Hi
RFC 7592 introduces a « Registration Access Token ». Are this token and the way
to get it similar to what is specified as “Initial Access Token” in RFC
7591/Appendix A ?
If so, can the Open Dynamic Client Registration (RFC7591/A.1.1) be extrapolated
to RFC7592 in the same way?
Thanks in