I realize this is very late in this draft's life cycle but I just noticed it while working on something different but coincidentally similar.
The device flow defines a device_code parameter to be used in the access token request to the token endpoint[1] but doesn't register it as a token request parameter in the IANA Considerations[2] as would be expected/suggested by RFC6749's OAuth Parameters Registry[3]. Should the device flow register the device_code parameter? Seems like it probably should. [1] https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-3.4 [2] https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12#section-7 [3] https://tools.ietf.org/html/rfc6749#section-11.2 ---------- Forwarded message --------- From: <internet-dra...@ietf.org> Date: Wed, Aug 1, 2018 at 5:53 PM Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-device-flow-12.txt To: <i-d-annou...@ietf.org> Cc: <oauth@ietf.org> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Device Flow for Browserless and Input Constrained Devices Authors : William Denniss John Bradley Michael B. Jones Hannes Tschofenig Filename : draft-ietf-oauth-device-flow-12.txt Pages : 20 Date : 2018-08-01 Abstract: This OAuth 2.0 authorization flow for browserless and input- constrained devices, often referred to as the device flow, enables OAuth clients to request user authorization from devices that have an Internet connection, but don't have an easy input method (such as a smart TV, media console, picture frame, or printer), or lack a suitable browser for a more traditional OAuth flow. This authorization flow instructs the user to perform the authorization request on a secondary device, such as a smartphone. There is no requirement for communication between the constrained device and the user's secondary device. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-12 https://datatracker.ietf.org/doc/html/draft-ietf-oauth-device-flow-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-device-flow-12 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
