[Openid-specs-ab] OpenID Connect + Resource Owner Password Credentials Flow

Mike Jones Michael.Jones at microsoft.com
Mon Jan 28 23:01:20 UTC 2013


We'll try to discuss this on today's working group call.

                                                                -- Mike

From: Raneses, Jason [mailto:Jason.Raneses at fnf.com]
Sent: Monday, January 28, 2013 12:42 PM
To: Mike Jones
Subject: RE: OpenID Connect + Resource Owner Password Credentials Flow

Thanks for getting back to me Mike.  I actually submitted the IPR electronically on January 7th, so I'm not sure what happened there.

Section 2.2 of the standard specification states:

"Authorization Requests follow two main paths to obtain Access Tokens and ID Tokens, the Implicit Flow and the Authorization Code Flow. The flows determine how the Access Token and ID Token are returned to the Client."

It goes on to describe the two aforementioned flows and their usage, but makes no mention that the Resource Owner Password Credentials flow should be considered a valid option.  I guess in stating that authorization requests follow "two main paths", you could infer that alternative flows are also allowed, but a minor language change that makes it more explicit would be beneficial.

Jason

From: Mike Jones [mailto:Michael.Jones at microsoft.com]
Sent: Friday, January 25, 2013 11:20 AM
To: Raneses, Jason
Subject: RE: OpenID Connect + Resource Owner Password Credentials Flow

Hi Jason,

Sorry for the delayed reply - I just saw this note.

I don't believe that we intend to require support for the Resource Owner Password Credentials Flow at present, but we also are trying not to preclude the use of other flows, if desired.  If you think there's language we should change that currently precludes using this flow, by all means, please let us know.

If you're going to post to the working group mailing list, you'll need to submit an IPR agreement for the working group.  See the Participation section of http://openid.net/connect/ on how to do that.  That's why your note went into moderation.

                                                            Best wishes,
                                                            -- Mike

From: Raneses, Jason [mailto:Jason.Raneses at fnf.com]
Sent: Tuesday, January 22, 2013 7:17 AM
To: Mike Jones
Subject: FW: OpenID Connect + Resource Owner Password Credentials Flow

Mike,

Would you mind taking a look at the below question when you have a chance?  I've submitted it to the list on two occasions, but it's gone to moderation without a response as of yet.  I'd appreciate any insight you can provide.

Thanks,

Jason

From: Raneses, Jason
Sent: Friday, January 18, 2013 3:14 PM
To: 'openid-specs-ab at lists.openid.net'
Subject: OpenID Connect + Resource Owner Password Credentials Flow

Section 2.2 of the current standard draft defines two OAuth 2.0 protocol flows for use with OpenID Connect, Authorization Code and Implicit.  Are there any plans to include the Resource Owner Password Credentials grant type (http://tools.ietf.org/html/rfc6749#section-1.3.3) in later drafts?  We would like to support that as part of an upcoming provider implementation.

Best Regards,

Jason Raneses

Principal Software Architect
Fidelity National Financial
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130128/b6dd016e/attachment.html>


More information about the Openid-specs-ab mailing list