Hi Denis,
Thank you for your feedback!
Inline
> Privacy has not really been a concern in the WG since originally the AT and
> the RS were co-located.
Colocation of AS and RS was a frequent occurrence, but by no means mandatory…
AFAIK one of the drivers for the changes between OAuth1 and OAuth2 wa
>
>
> On 09.04.20 at 09:55, Rob Otto wrote:
> > I'd imagine you have to pre-register each client and then use HOTP or
> > TOTP to generate one-time passcodes.?
> >
>
> I can come up with a couple of other ways as well, but I'm interested to
> hear what Francis sees "in the wild".
There are many w
I have three concerns, two of them being related to privacy.
1) Privacy has not really been a concern in the WG since originally the
AT and the RS were co-located. However, this draft now recognizes
that there may exist cases where "the authorization server and resource
server are not co-locate
We’ve looked at this with XYZ, and one of the patterns that’s possible with the
backchannel-first flow is to have the server send a challenge back to the
client which the client can then respond to, for example by signing it with a
FIDO style device key. Depending on the system, the client could
On 09.04.20 at 09:55, Rob Otto wrote:
> I'd imagine you have to pre-register each client and then use HOTP or
> TOTP to generate one-time passcodes.
>
I can come up with a couple of other ways as well, but I'm interested to
hear what Francis sees "in the wild".
-Daniel
I'd imagine you have to pre-register each client and then use HOTP or TOTP
to generate one-time passcodes.
On Thu, 9 Apr 2020 at 08:25, Daniel Fett wrote:
> Hi Francis,
>
> On 08.04.20 at 23:59, Francis Pouatcha wrote:
>
> As a replacement of RFC 6749 I am missing a "Direct Grant" with the sa
Hi Francis,
On 08.04.20 at 23:59, Francis Pouatcha wrote:
> As a replacement of RFC 6749 I am missing a "Direct Grant" with the
> same simplicity as the "Resource Owner Password Credentials" grant of
> RFC 6749.
>
> The reason is that browser redirects are too complex and most of the
> time badly