Yeah, that is true. One of my reasons for bringing this up was in
consideration of proposing a similar simplification around client
authentication. But clearly client authn and grants can and will be
presented together in the same request. I was aware of the potential
for name conflicts but
On Thu, Sep 23, 2010 at 2:08 PM, Brian Campbell
bcampb...@pingidentity.com wrote:
Do parameters defined by grant types really need a registry? I mean,
a client only presents one access grant request at a time so it's not
like there's potential for name conflicts. Am I missing something?
There
...@pingidentity.com]
Sent: Tuesday, September 21, 2010 3:20 PM
To: Justin Richer
Cc: Eran Hammer-Lahav; OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Simpilfying use of assertions when requesting an
access token
I'm not sure one email from me asking for clarification exactly counts
-
From: Justin Richer [mailto:jric...@mitre.org]
Sent: Thursday, September 02, 2010 2:27 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Simpilfying use of assertions when requesting an
access token
+1
I've never liked the notion of not being able
of assertions when requesting an
access token
+1
I've never liked the notion of not being able to extend the grant type
field, and this change addresses that particular gripe.
Just so I'm clear here: an extension that defines its own url-defined
grant type can also legally add
+1
we just discussed the need for adding grant types in order support
Telekom-specific user authentication mechanisms. So this proposal comes right
in time :-)
regards,
Torsten.
Am 02.09.2010 um 23:27 schrieb Justin Richer jric...@mitre.org:
+1
I've never liked the notion of not being
I would like to make this change in -11:
Instead of the current user of the 'assertion' grant type -
POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=assertion
assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion
+1
I've never liked the notion of not being able to extend the grant type
field, and this change addresses that particular gripe.
Just so I'm clear here: an extension that defines its own url-defined
grant type can also legally add and remove parameters from the endpoint,
right?
-- Justin
On
Yes.
-Original Message-
From: Justin Richer [mailto:jric...@mitre.org]
Sent: Thursday, September 02, 2010 2:27 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Simpilfying use of assertions when requesting an access
token
+1
I've never liked the notion
Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Simpilfying use of assertions when requesting an
access token
+1
I've never liked the notion of not being able to extend the grant type
field, and this change addresses that particular gripe.
Just so I'm clear here
10 matches
Mail list logo