On Wed, Jun 28, 2017 at 11:33 AM, Justin Richer <jric...@mit.edu> wrote:
> This is functionally equivalent to polling, as far as the spec is > concerned. Instead of it being a timeout-based poll, it’s an > interaction-based poll. Either way, the device makes a new HTTP request to > the AS to see if the device code is good or not, and either option is > possible at that point as far as the device knows— the user could go mash > buttons as fast as possible without ever entering the user code. > > You are correct that this does not change the communication model, but if there is a large number of devices being configured at the same time, then the polling as it is defined in the document unnecessarily overloads the AS whether the user is doing anything or not. > In practice, this isn’t very likely to happen, as it requires additional > steps for the user and > It requires one more step (not steps), which is the user pushing the button one more time after the user is done with authenticating and authorizing the device; do you see any other steps needed here? > makes for a more clunky experience. > I guess this is subjective, but why do you think it is clunky? Regards,. Rifaat > If anything, we might see it as an optimization in some environments for > some clients. In any event, it’s not any different from the spec’s > perspective. > > — Justin > > On Jun 28, 2017, at 8:27 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > > Hi (as individual), > > I have reviewed the Device Flow document, and I have a question about the > polling part. > The current draft is calling for the Device Client to poll the AS for a > token (steps E & F of Figure 1). > > Presumably, the process started with the user pushing some button on the > Device Client to initiate the process. > One way to avoid the need for polling is for the Device Access Token > Request to be sent to the AS only after the user for example pushed that > same button again. > This would allow the user to perform steps C and D to authorize the > device, and then push the button again to get the token. > > Thoughts? > > Regards, > Rifaat > > > On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > >> All, >> >> We are starting a WGLC on the Device Flow document: >> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06 >> >> Please, review the document and provide feedback on any issues you see >> with the document. >> >> The WGCL will end in two weeks, on June 16, 2017. >> >> Regards, >> Rifaat and Hannes >> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
