> From what I read, it sounds like you want either the assertion flow (which is defined in extensions) or the client credentials flow (not the resource owner password flow).
I thought the same re "client credentials flow", but on a quick reading of Google's spec, their impl also allows for impersonation, assuming that the client has been registered to allow such (unclear if the original poster also wanted this functionality). We have a similar feature in our impl - client creds flow w/ impersonation (with supporting registration).

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainh...@us.ibm.com

From: Justin Richer <jric...@mitre.org>
To: Antonio Sanso <asa...@adobe.com>,
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Date: 09/26/2013 09:41 AM
Subject: Re: [OAUTH-WG] Oauth Server to Server
Sent by: oauth-boun...@ietf.org

From what I read, it sounds like you want either the assertion flow (which is defined in extensions) or the client credentials flow (not the resource owner password flow). In either of these, the client authenticates on its own behalf and gets a token directly with no user involved, and both are fully specified.

 -- Justin

On 09/24/2013 08:08 AM, Antonio Sanso wrote:
> Hi *,
>
> apologies to be back to this argument :).
>
> Let me try to better explain one use case that IMHO would be really good to have in the OAuth specification family :)
>
> At the moment the only "OAuth standard" way I know to do OAuth server to server is to use [0] namely Resource Owner Password Credentials Grant.
>
> Let me tell I am not a big fan of this particular flow :) (but this is another story).
>
> An arguably better way to solve this scenario is to use (and why not to standardise :S?) the method used by Google (or a variant of it) see [1].
>
> Couple of more things:
>
> - I do not know if Google would be interested to put some effort to standardise it (is anybody from Google lurking :) e.g. Tim Bray :D )
> - I am not too familiar with IETF process. Would the OAuth WG take in consideration such proposal draft??
>
> Thanks and regards
>
> Antonio
>
> [0] http://tools.ietf.org/html/rfc6749#section-4.3
> [1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
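Added example, not part of the original thread: a Python sketch of the server-side check behind the impersonation point discussed above, where a client authenticating with a signed JWT assertion may name a subject other than itself only if its registration allows it. The registry, client names, secrets, endpoint URL, and the use of HS256 with a shared secret (standing in for an asymmetric signature so the code runs on the standard library alone) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

TOKEN_ENDPOINT = "https://as.example/token"  # assumed audience value
# Constructed client registry (hypothetical): secret plus an explicit impersonation flag.
CLIENTS = {
    "batch-svc": {"secret": b"k1-constructed", "may_impersonate": True},
    "report-svc": {"secret": b"k2-constructed", "may_impersonate": False},
}

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_assertion(client_id, secret, sub, now, ttl=300):
    """Client side: short-lived JWT naming the client (iss) and the subject (sub)."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": client_id, "sub": sub, "aud": TOKEN_ENDPOINT, "iat": now, "exp": now + ttl}
    body = b64u(json.dumps(claims).encode())
    return f"{header}.{body}.{b64u(_sign(secret, header + '.' + body))}"

def validate_assertion(jwt, now):
    """Server side: return the subject a token may be issued for, or raise ValueError."""
    try:
        header, body, sig = jwt.split(".")
        alg = json.loads(b64u_dec(header)).get("alg")
        claims = json.loads(b64u_dec(body))
        iss, sub = claims.get("iss"), claims.get("sub")
        sig_bytes = b64u_dec(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed assertion") from exc
    client = CLIENTS.get(iss) if isinstance(iss, str) else None
    if alg != "HS256" or client is None:
        raise ValueError("unknown client or unexpected algorithm")
    # Verify the signature with the registered key before trusting any claim.
    if not hmac.compare_digest(_sign(client["secret"], header + "." + body), sig_bytes):
        raise ValueError("bad signature")
    if claims.get("aud") != TOKEN_ENDPOINT or not (claims.get("iat", now + 1) <= now < claims.get("exp", 0)):
        raise ValueError("wrong audience or outside validity window")
    # Acting for itself is always allowed; acting for another subject needs registration.
    if not isinstance(sub, str) or (sub != iss and not client["may_impersonate"]):
        raise ValueError("subject missing or impersonation not registered")
    return sub
```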