idnits 2.17.00 (12 Aug 2021)

/tmp/idnits44939/draft-recordon-oauth-v2-upgrade-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document date (Jul 2010) is 4327 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                   D. Recordon, Ed.
3	Internet-Draft                                                  Facebook
4	Intended status: Standards Track                                Jul 2010
5	Expires: January 2, 2011

7	                   OAuth 2.0 Token Upgrade Extension
8	                   draft-recordon-oauth-v2-upgrade-00

10	Abstract

12	   This specification defines an OAuth 2.0 assertion request format for
13	   upgrading OAuth 1.0 token and secret pairs to OAuth 2.0 access
14	   tokens.

16	Status of this Memo

18	   This Internet-Draft is submitted in full conformance with the
19	   provisions of BCP 78 and BCP 79.

21	   Internet-Drafts are working documents of the Internet Engineering
22	   Task Force (IETF).  Note that other groups may also distribute
23	   working documents as Internet-Drafts.  The list of current Internet-
24	   Drafts is at http://datatracker.ietf.org/drafts/current/.

26	   Internet-Drafts are draft documents valid for a maximum of six months
27	   and may be updated, replaced, or obsoleted by other documents at any
28	   time.  It is inappropriate to use Internet-Drafts as reference
29	   material or to cite them other than as "work in progress."

31	   This Internet-Draft will expire on January 2, 2011.

33	Copyright Notice

35	   Copyright (c) 2010 IETF Trust and the persons identified as the
36	   document authors.  All rights reserved.

38	   This document is subject to BCP 78 and the IETF Trust's Legal
39	   Provisions Relating to IETF Documents
40	   (http://trustee.ietf.org/license-info) in effect on the date of
41	   publication of this document.  Please review these documents
42	   carefully, as they describe your rights and restrictions with respect
43	   to this document.  Code Components extracted from this document must
44	   include Simplified BSD License text as described in Section 4.e of
45	   the Trust Legal Provisions and are provided without warranty as
46	   described in the Simplified BSD License.

48	Table of Contents

50	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
51	     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . . . 3
52	   2.  Assertion Request . . . . . . . . . . . . . . . . . . . . . . . 3
53	   3.  Assertion Response  . . . . . . . . . . . . . . . . . . . . . . 4
54	   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 4
55	   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
56	     5.1.  Normative References  . . . . . . . . . . . . . . . . . . . 4
57	     5.2.  Informative References  . . . . . . . . . . . . . . . . . . 4
58	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 4

60	1.  Introduction

62	   This extension defines an assertion format as described in section
63	   4.1.3 of [I-D.ietf.oauth-v2].

65	1.1.  Notational Conventions

67	   The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT',
68	   'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this
69	   document are to be interpreted as described in [RFC2119].

71	2.  Assertion Request

73	   The client will make a request to the authorization server as
74	   described in section 4.1.3 of [I-D.ietf.oauth-v2] with the following
75	   parameters:

77	   assertion_type
78	      REQUIRED. "http://oauth.net/token/1.0"

80	   assertion
81	      REQUIRED.  The OAuth 1.0 token and token secret to be upgraded as
82	      a JSON object with the keys `token` and `token_secret`.

84	   client_id
85	      REQUIRED.  The client identifier as described in Section 2 of
86	      [I-D.ietf.oauth-v2].

88	   client_secret
89	      REQUIRED.  The client secret as described in Section 2 of
90	      [I-D.ietf.oauth-v2].

92	   For example, the client makes the following HTTP request using
93	   transport-layer security:

95	 POST /token HTTP/1.1
96	 Host: server.example.com
97	 Content-Type: application/x-www-form-urlencoded

99	 grant_type=assertion&
100	 assertion_type=http%3A%2F%2Foauth.net%2Ftoken%2F1.0&
101	 assertion=%7B'token'%3A'rjmaGaw9ATW'%2C'token_secret'%3A'OgFcfEjBR'%7D&
102	 client_id=8eSEIpnqmM&
103	 client_secret=s6BhdRkqt3

105	3.  Assertion Response

107	   The authorization server MUST validate the client credentials, token,
108	   and token secret.  If they are all valid, the authorization server
109	   issues an access token response as described in Section 4.2 of
110	   [I-D.ietf.oauth-v2].  The new access token SHOULD have the same
111	   expiration and scope as the OAuth 1.0 token which the client is
112	   upgrading.

114	4.  Security Considerations

116	   No additional considerations beyond those described within the OAuth
117	   2.0 Protocol.

119	5.  References

121	5.1.  Normative References

123	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
124	              Requirement Levels", BCP 14, RFC 2119, March 1997.

126	5.2.  Informative References

128	   [I-D.ietf.oauth-v2]
129	              Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, "The
130	              OAuth 2.0 Protocol", Jun 2010.

132	Author's Address

134	   David Recordon (editor)
135	   Facebook

137	   Email: davidrecordon@facebook.com