Seeking guidance on the implementation of native/rich client flow
Torsten Lodderstedt
torsten at lodderstedt.net
Sat Oct 26 11:52:08 UTC 2013
We use OIDC in conjunction with the resource owner password credential grant for native apps (no 3rd party apps, just our own apps).
Todd W Lainhart <lainhart at us.ibm.com> wrote:
>I'm referencing http://openid.net/specs/openid-connect-core-1_0.html
>
>We have an Authorization Server that supports SSO via session extensions
>to OAuth 2.0. We're looking to replace that protocol w/ OIDC. There's a
>couple of sticky points that I'm not sure how to translate.
>
>1) Rich/Native Client login
>
>Imagine an Eclipse-based rich client accepts user credentials and receives
>a bearer token in return. The negotiation may be basic, credentials-based,
>SPNEGO. The client is anonymous. Rather than using the Resource Owner
>Password Credentials Grant (where username/password are REQUIRED
>parameters), we opted for a custom endpoint so that the AS could determine
>if the request was authenticated in the absence of username/password.
>Similar to Resource Owner Password Credentials Grant.
>
>I'm wondering what the guidance is for such a setup in OIDC. Implicit
>requires the native client to follow (presumably) 302s with the AS until
>it gets the final 302 to the callback location. Seems messy for this setup.
>
>In the absence of guidance/precedent, I'm inclined to think that a
>Resource Owner Password Credentials Grant style extension is the way to go
>for this scenario.
>
>Todd Lainhart
>Rational software
>IBM Corporation
>550 King Street, Littleton, MA 01460-1250
>1-978-899-4705
>2-276-4705 (T/L)
>lainhart at us.ibm.com