Hi Chuck,
ACDC + PKCE is what we want to do as well. It is a perfect fit for first
responders accessing APIs in foreign security domains.
The custom tabs / Safari view controller provides an extremely elegant
means to do SSO across both native & web, utilizing session cookies in the
browser.
Bu
On Wed, Jul 15, 2015 at 5:14 PM, Mike Jones
wrote:
> I assume that TokenService1 is an OpenID Connect Provider, since it’s
> issuing both an access token and an ID Token, correct?
>
Correct.
>
>
> I assume that you want the interaction with TokenService2 to not include
> any user interaction
I assume that TokenService1 is an OpenID Connect Provider, since it’s issuing
both an access token and an ID Token, correct?
I assume that you want the interaction with TokenService2 to not include any
user interaction – that that’s where you’re doing the Token Exchange – correct?
How did you e
Yes it is a NAPPS thing.
The pressure for it has been reduced by the release of the Safari view
controller and Chrome custom tabs.
However it still has uses for IoT and some other places.
It would be best if somehow that could align with the other token exchange
proposals.
PKCE just went in t
Thanks Adam - ACDC looks like it's targeted at our use-case. Potentially
a little more difficult to layer on to our infrastructure, but looks
workable.
Does this spec live in OIDC Napps? If so, I'll head over there to ask a
few questions
-cmort
On Wed, Jul 15, 2015 at 3:07 PM, Adam Lewis <
Hi Chuck,
Wouldn't the ACDC be a closer fit to what you are doing? Not saying token
exchange couldn't work, but ACDC is specifically targeting your use case.
-adam
On Wed, Jul 15, 2015 at 4:44 PM, Chuck Mortimore
wrote:
> User logs into Client and accesses Resource1 using AccessToken1 from
>
User logs into Client and accesses Resource1 using AccessToken1 from
TokenService1.
Client then contacts TokenService2 and exchanges IDToken1 from
TokenService1 for AccessToken2 from TokenService2. It then uses
AccessToken2 to access Resource2.
-cmort
On Wed, Jul 15, 2015 at 2:27 PM, Anthony
So in your scenario where you have client (c), user (u), resource (r) and
resource 1 (r1), does the flow go like U->C->R-R1 or U->C->R and U->C->R1?
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Chuck Mortimore
Sent: Wednesday, July 15, 2015 12:47 PM
To: OAuth WG; Mike Jones
Subject:
We're examining the use of the Token Exchange spec for API federation
use-cases, and are looking for some feedback.
The basic use-case is as follows: Developer wants to build an Application
that is a composite of backend services that span multiple security
domains. For example, it's a combinat