Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread John Joseph Bachir
On Tue, Nov 15, 2011 at 3:26 PM, Dan Taflin wrote: > it’s a great solution for someone like, say, Facebook or Twitter to be > able to hand out a blob of javascript and say, “Here, put this on your web > page to enable users to like/tweet/post on their account.” The 3rd-party > web site doesn’t hav

Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread Dan Taflin
I’ve spent the last couple months trying to answer this question myself (even posted on Stack Overflow, http://stackoverflow.com/questions/7522831/what-is-the-purpose-of-the-implicit-grant-authorization-type-in-oauth-2), and here’s the best answer I can come up with: it’s a great solution for s

Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread John Joseph Bachir
Okay, so I think the basic thing I'm not getting is: what's the use case for a javascript client? Googling doesn't help much here... ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread Justin Richer
On Tue, 2011-11-15 at 12:41 -0500, John Joseph Bachir wrote: > Thanks Justin - some more questions below... > > What does "public" mean here? In what sense could a client > be > > public or private, and why is implicit grant more > appropriate for the > > pu

Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread John Joseph Bachir
Thanks Justin - some more questions below... > > What does "public" mean here? In what sense could a client be > > public or private, and why is implicit grant more appropriate for the > > public case? > > Section 2.1, client types. > My understanding of a public client from this section was a

Re: [OAUTH-WG] Rechartering

2011-11-15 Thread Dick Hardt
The authoritative server could be acting as an intermediary for other authoritative servers. e.g. RP would like to get access to both Facebook and Twitter. An intermediate AS could acquire both tokens for the RP. On Oct 31, 2011, at 3:56 PM, Anthony Nadalin wrote: > Could be 2 tokens that still

Re: [OAUTH-WG] questions about implicit grant

2011-11-15 Thread Justin Richer
> The spec says that this grant type is "optimized for public clients > known to operate a particular redirection URI". > (a) What does "public" mean here? In what sense could a client be > public or private, and why is implicit grant more appropriate for the > public case? Section 2.1, client ty

[OAUTH-WG] OAuth 2.0 JWT Bearer Token Profiles Specification Draft -02

2011-11-15 Thread Mike Jones
Draft 02 of the OAuth 2.0 JWT Bearer Token Profiles Specification has been published. It contains the following changes: *Removed remaining vestiges of normative text talking about SAML that remained from the SAML Profile d