Hi Brian
In our own code both authorization code and implicit flow requests can
accommodate an audience property too.
You are right in the latter case there won't be a separate request to a
token endpoint hence we are treating what follows after the user has
authorized the implicit client as i
Hi Hannes,
thanks for supporting it, I agree the audience concept is not tied to
the PoP work
Cheers, Sergey
On 20/01/16 14:27, Hannes Tschofenig wrote:
Hi Sergey,
that's a good question. After this document was published the
functionality had been integrated into the PoP solution document.
R
ohn just said the same thing I did in parallel, using
> different words.
>
>
>
> *From:* John Bradley [mailto:ve7...@ve7jtb.com]
> *Sent:* Wednesday, January 20, 2016 2:56 PM
> *To:* Nat Sakimura
> *Cc:* Mike Jones; oauth
>
>
> *Subject:* Re: [OAUTH-WG] Status of draft-
As I see it, John just said the same thing I did in parallel, using different
words.
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Wednesday, January 20, 2016 2:56 PM
To: Nat Sakimura
Cc: Mike Jones; oauth
Subject: Re: [OAUTH-WG] Status of draft-tschofenig-oauth-audience
We have been
[mailto:oauth-boun...@ietf.org <mailto:oauth-boun...@ietf.org>]
>> On Behalf Of Brian Campbell
>> Sent: Wednesday, January 20, 2016 2:18 PM
>> To: Hannes Tschofenig
>> Cc: oauth
>> Subject: Re: [OAUTH-WG] Status of draft-tschofenig-oauth-audience
>>
>>
what it wants
access to.
-- Mike
From: Nat Sakimura [mailto:sakim...@gmail.com]
Sent: Wednesday, January 20, 2016 2:47 PM
To: John Bradley; Mike Jones
Cc: oauth
Subject: Re: [OAUTH-WG] Status of draft-tschofenig-oauth-audience
+1
Tschofenig
> *Cc:* oauth
> *Subject:* Re: [OAUTH-WG] Status of draft-tschofenig-oauth-audience
>
>
> There does seem to be a need to provide the client a means of telling the
> AS the place(s) and/or entity(s) where it intends to use the token it's
> asking for. And that
org>]
> On Behalf Of Brian Campbell
> Sent: Wednesday, January 20, 2016 2:18 PM
> To: Hannes Tschofenig
> Cc: oauth
> Subject: Re: [OAUTH-WG] Status of draft-tschofenig-oauth-audience
>
> There does seem to be a need to provide the client a means of telling the AS
>
. Sorting
this out soon would be good.
-- Mike
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Wednesday, January 20, 2016 2:18 PM
To: Hannes Tschofenig
Cc: oauth
Subject: Re: [OAUTH-WG] Status of draft
There does seem to be a need to provide the client a means of telling the
AS the place(s) and/or entity(s) where it intends to use the token it's
asking for. And that it's common enough to warrant it's own small spec.
This has come up several times before and I think has some consensus behind
doing
Hi Sergey,
that's a good question. After this document was published the
functionality had been integrated into the PoP solution document.
Recently, I got feedback that the functionality should be more generic
and it is independent of the PoP work.
So, I guess it is a good time to discuss the nee
Hi
Given that the draft-tschofenig-oauth-audience [1] has expired, I'm
wondering if it is still relevant.
I know the token introspection response can provide the audience
value(s), but the question is really how a client is associated with a a
given audience in the first place. As such [1] m
12 matches
Mail list logo
