Hi Phil,

I have a question, re:

"The authorization server MUST:

 -Perform the normal OAuth2 authorization process,
 -MAY elect not to request consent if no access token is to be
      issued (i.e. this is an authentication only request),
"

This last statement confuses me, given that the Authentication Response
"is identical to the one described in Section 4.1.2 [RFC6749]."

In other words, the client may only request the login but get the 'code' back without the user consent? This seems wrong, but maybe I'm missing something?

Thanks, Sergey




On 2013-08-27, at 12:52 PM, Phil Hunt <phil.h...@oracle.com> wrote:

FYI.  Based on feedback from Berlin, Tony and I have revised the draft
to include:

* Alignment with OpenID Connect (using id_token)
* Always returns a JWT
* Minimum assertion level on request
* Return information about the type of authentication performed

Thanks for your input.

Phil

@independentid
www.independentid.com
phil.h...@oracle.com


Begin forwarded message:

From: internet-dra...@ietf.org
Subject: New Version Notification for draft-hunt-oauth-v2-user-a4c-01.txt
Date: 27 August, 2013 8:56:45 AM PDT
To: Phil Hunt <phil.h...@yahoo.com>, Anthony Nadalin <tony...@microsoft.com>, Tony Nadalin <tony...@microsoft.com>


A new version of I-D, draft-hunt-oauth-v2-user-a4c-01.txt
has been successfully submitted by Phil Hunt and posted to the
IETF repository.

Filename: draft-hunt-oauth-v2-user-a4c
Revision: 01
Title: OAuth 2.0 User Authentication and Consent For Clients
Creation date: 2013-08-27
Group: Individual Submission
Number of pages: 10
URL: http://www.ietf.org/internet-drafts/draft-hunt-oauth-v2-user-a4c-01.txt
Status: http://datatracker.ietf.org/doc/draft-hunt-oauth-v2-user-a4c
Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-v2-user-a4c-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-hunt-oauth-v2-user-a4c-01

Abstract:
  This specification defines a new OAuth2 endpoint that enables user
  authentication session and consent information to be shared with
  client applications.




Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.

The IETF Secretariat


_______________________________________________
OAuth mailing list
OAuth@ietf.org <mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


