Hi Zhou,
Even though client_id is public, that needs to be passed from the
Authorization Server to the Resource Server. This does not happen in the
normal OAuth flow. It only returns back the access_token.
Please let me know if you need any further clarifications...
Thanks & regards,
-Prabath
On
Hi, Prabath
I have read your proposal, and have some questions:
why RS needs to get access token in client register stage;
and why RS needs to get client-id from AS by exchanging access token
(isn't client-id public?)
Prabath Siriwardena
2012-10-08 09:50
To
zhou.suj...@zte.com.cn
Cc
Hi Zhou,
Nice to see some common interest on this. Sure I will go through your
proposal.
Please find my proposal here [1]. I've added there the complete token flow,
introducing a new grant type.
[1]:
http://blog.facilelogin.com/2012/10/proposal-resource-owner-initiated.html
Thanks & regards,
-P
Hi, Praba
I am also thinking on this subject, and published a draft on it.
http://tools.ietf.org/id/draft-zhou-oauth-owner-auth-00.txt
I'd like to have your opinion.
Prabath Siriwardena
From: oauth-boun...@ietf.org
2012-10-08 08:08
To
Eve Maler
Cc
oauth@ietf.org
Subject
Re: [OAUTH-WG] Re
Hi Eve,
Thanks for pointers.. I've been following the work done in UMA.. Sure..
will join the webinar...
BTW .. I am not quite sure UMA addresses my use case. Even in the case of
UMA it's client initiated or requestor initiated...
Please correct me if I am wrong... but in OAuth specification the
Hi Prabath,
As far as I know, OAuth itself generally isn't used to let one human resource
owner delegate access to a different human resource owner. However, UMA (which
leverages OAuth) does strive to solve exactly this use case, among other
similar ones; we call this one "person-to-person shar
+1
Zachary
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Phil
Hunt
Sent: Saturday, October 06, 2012 2:54 PM
To: Torsten Lodderstedt
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Agenda for Atlanta Meeting
+1
Phil
On 2012-10-06, at 10:07,