From c3f1741f955ca4ede06d40265dedecaa6bcc34cc Mon Sep 17 00:00:00 2001 From: dickhardt Date: Sun, 5 Jan 2025 17:24:18 +0000 Subject: [PATCH 1/3] point implementers to OIDC in intro #151 --- draft-ietf-oauth-v2-1.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index 6bb0590..e6fca3b 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md @@ -262,7 +262,9 @@ needs to evaluate the policies, and only needs to validate the access token. This simplification applies when the application is acting on behalf of a resource owner, or on behalf of itself. -OAuth is an authorization protocol, and is not an authentication protocol. The +OAuth is an authorization protocol, and is not an authentication protocol. If +authentication is required, OpenID Connect {{OpenID}} builds on OAuth to provide the security +characteristics required of an authentication protocol. The access token represents the authorization granted to the client. It is a common practice for the client to present the access token to a proprietary API which returns a user identifier for the resource owner, and then using the result of From d85c188d53baee6f117085190c69ff62dca51e5a Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Thu, 9 Jan 2025 09:13:27 -0800 Subject: [PATCH 2/3] Apply suggestions from code review --- draft-ietf-oauth-v2-1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index e6fca3b..c719251 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md 
@@ -262,9 +262,9 @@ needs to evaluate the policies, and only needs to validate the access token. This simplification applies when the application is acting on behalf of a resource owner, or on behalf of itself. -OAuth is an authorization protocol, and is not an authentication protocol. If -authentication is required, OpenID Connect {{OpenID}} builds on OAuth to provide the security -characteristics required of an authentication protocol. The +OAuth is an authorization protocol, not an authentication protocol, as OAuth does not define the necessary components to achieve user authentication. +An authentication protocol is necessary if the goal is to authenticate users. An example is OpenID Connect {{OpenID}}, which builds on OAuth to provide the security +characteristics and necessary components required of an authentication protocol. The access token represents the authorization granted to the client. It is a common practice for the client to present the access token to a proprietary API which returns a user identifier for the resource owner, and then using the result of From 2a3c2374acc9238dc774e66be25f853f78fbd5a8 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Thu, 9 Jan 2025 09:14:39 -0800 Subject: [PATCH 3/3] Update draft-ietf-oauth-v2-1.md --- draft-ietf-oauth-v2-1.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index c719251..59bea29 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md 
@@ -264,7 +264,9 @@ owner, or on behalf of itself. OAuth is an authorization protocol, not an authentication protocol, as OAuth does not define the necessary components to achieve user authentication. An authentication protocol is necessary if the goal is to authenticate users. An example is OpenID Connect {{OpenID}}, which builds on OAuth to provide the security -characteristics and necessary components required of an authentication protocol. The +characteristics and necessary components required of an authentication protocol. + +The access token represents the authorization granted to the client. It is a common practice for the client to present the access token to a proprietary API which returns a user identifier for the resource owner, and then using the result of
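Review bot: In PATCH 1/3 the added sentence "If authentication is required, OpenID Connect {{OpenID}} builds on OAuth to provide the security characteristics required of an authentication protocol." never says what OAuth itself lacks, so a reader can still take the pattern described in the next sentences (present the access token to a proprietary API and treat the returned user identifier as a login) as acceptable authentication; state first that OAuth does not define the components needed to authenticate a user, then point to OpenID Connect. Also confirm that the {{OpenID}} citation resolves to an entry in the document's references, since this hunk only adds the anchor, and rewrap the inserted lines to the width used by the surrounding paragraph (the line ending "provide the security" runs well past the neighbouring lines).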
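Review bot: In PATCH 2/3 the middle sentence "An authentication protocol is necessary if the goal is to authenticate users." is circular and adds nothing beyond the first sentence; fold the pointer into it, for example "If the goal is to authenticate users, an authentication protocol such as OpenID Connect {{OpenID}}, which builds on OAuth, is needed." The phrase "security characteristics and necessary components required of an authentication protocol" also repeats "necessary components" from the first sentence. The three replaced lines are no longer wrapped at the column width the rest of the paragraph uses, and the trailing "The" still runs the OpenID Connect text straight into the access-token sentence on the next context line, so two distinct points share one paragraph.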
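Review bot: In PATCH 3/3 splitting the paragraph is the right fix, but it leaves "The" as a one-word line with "access token represents the authorization granted to the client." on the following context line; reflow the new paragraph so its first source line reads "The access token represents the authorization granted to the client." While this paragraph is open, the context sentence "It is a common practice for the client to present the access token to a proprietary API ... and then using the result of" mixes "to present" with "using"; "and then use the result of" restores the parallel construction.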