[Openid-specs-mobile-profile] [Async JWT Profile] draft-oauth-versatile-jwt-profile-04

Axel.Nennker at telekom.de
Wed Apr 5 15:54:28 UTC 2017


As agreed during our call I uploaded
https://bitbucket.org/openid/mobile/src/tip/draft-oauth-versatile-jwt-profile-04.xml?at=default&fileviewer=file-view-default

Please add issues to our issue tracker
https://bitbucket.org/openid/mobile/issues?status=new&status=open
(and restart working on existing ones)

cheers
Axel

From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of nicolas.aillery at orange.com
Sent: Wednesday, April 05, 2017 12:04 PM
To: Manger, James
Cc: openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] [Async JWT Profile] draft-oauth-versatile-jwt-profile-04

Hi James,

   Thanks.
   Here is a draft v4,

Regards

Nicolas



From: Manger, James [mailto:James.H.Manger at team.telstra.com]
Sent: Wednesday, 5 April 2017 05:29
To: AILLERY Nicolas IMT/OLPS
Cc: openid-specs-mobile-profile at lists.openid.net; MARAIS Charles IMT/OLPS; CLEMENT Philippe IMT TECHNO; MARIOTTE Hubert IMT/OLN
Subject: RE: [Async JWT Profile] draft-oauth-versatile-jwt-profile-03

§3.3 "Polling Request" says:
  "A Client configured with a "client_notification_endpoint" MUST NOT send a Polling Request."
But this seems unnecessary, and contradicts §2 that says "a given "client_id" can use both mechanisms".
Drop this "MUST NOT" paragraph.
[Nicolas] Ok, fixed

You should be able to move the common parts of §4.3.1 and §4.3.2 into §4.3, instead of repeating them. Particularly that the notification POST MUST be a JSON object, and the presence or absence of an "error" member indicates if it is an error or success response respectively.
[Nicolas] Ok, modified

It might be nice for §1.3.2 "Asynchronous Poll flow" to show one (or more) unsuccessful polling requests, not just the final one that succeeds.
[Nicolas] Ok, added

Add a sentence to §2 "Client registration" (probably), and perhaps even an example metadata value:
  "An OP MUST indicate the asynchronous modes it supports by listing the associated "grant_type" values in the "grant_types_supported" member of the OP's metadata [OpenID.Discovery]"
[Nicolas] Ok, done


--
James Manger

From: nicolas.aillery at orange.com [mailto:nicolas.aillery at orange.com]
Sent: Tuesday, 4 April 2017 6:30 PM

Hello James,

   Thanks for the reviews!
   Here are my comments inline, and a draft v3,

Regards,

Nicolas
