[Openid-specs-native-apps] Provisioning TA with Remote AS token endpoint
Paul Madsen
paul.madsen at gmail.com
Tue Apr 29 17:31:39 UTC 2014
For those apps that already have an OAuth infrastructure (ie an AS and a
set of RS that are set up to 'trust' access tokens issued by that AS)
the proposal is that the TA would exchange an appropriately targeted
id_token at that AS to obtain the desired access token - a two part
exchange like this
1) TA ------ refresh token ------- > Home AS
2) TA <-------- id_token ----------- Home AS
3) TA --------- id_token ------------ Remote AS
4) TA <----- access token -------- Remote AS
begs the question 'How does the TA know the Remote AS token endpoint
address?'
Ignoring hard coded, options include
1) returned in the AppInfo response for that app
2) returned in the id_token (step 2 above)
3) passed in by the native app on its request to the TA
Thoughts?
paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20140429/e64936b6/attachment.html>
More information about the Openid-specs-native-apps
mailing list