idnits 2.17.00 (12 Aug 2021)

/tmp/idnits45062/draft-recordon-oauth-v2-ux-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (Jul 2010) is 4327 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   D. Recordon, Ed.
Internet-Draft                                                  Facebook
Intended status: Standards Track                                  A. Tom
Expires: January 2, 2011                                          Yahoo!
                                                          B. de Medeiros
                                                                  Google
                                                              L. Shepard
                                                                Facebook
                                                                Jul 2010

                  OAuth 2.0 User Experience Extension
                     draft-recordon-oauth-v2-ux-00

Abstract

   This specification defines two user experience oriented extension
   parameters for OAuth 2.0 user authorization requests.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 2, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Notational Conventions
   2.  Language Preference
   3.  Display
   4.  Security Considerations
   5.  Normative References
   Authors' Addresses

1.  Introduction

   This extension defines additional parameters for the client to
   include in OAuth 2.0 requests to the authorization server.  While
   there are no restrictions around which flows this extension can be
   used with, it will generally be used with user delegation flows.

1.1.  Notational Conventions

   The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT',
   'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this
   document are to be interpreted as described in [RFC2119].

2.  Language Preference

   A client MAY provide the authorization server with information about
   an end-user's language preference.  The client includes the following
   URI query parameter when constructing its request to the end-user
   authorization endpoint URI:

   language
      OPTIONAL.  The user's preferred languages represented as a
      comma-separated list of [RFC5646] basic language ranges in
      descending priority order.  For example, the value
      "fr-CA,fr-FR,en-CA" represents the preference for French spoken in
      Canada, French spoken in France, followed by English spoken in
      Canada.

   This parameter SHOULD take precedence over both the HTTP
   Accept-Language header sent by the end-user's browser and any
   language preference inferred via IP address geolocation.

3.  Display

   OAuth 2.0 user delegation flows are designed to work across a wide
   variety of screen sizes, device types, and contexts.  The client MAY
   request a specific form factor of dialog from the authorization
   server based on what they feel is most appropriate.  The client
   includes the following URI query parameter when constructing its
   request to the end-user authorization endpoint URI:

   display
      OPTIONAL.  The most appropriate form factor for the authorization
      dialog.  If the parameter is included in the request, the value
      MUST be set to one of the following:

      page
         A full-page authorization screen (the default).

      popup
         A compact dialog optimized for modern web browser popup
         windows.

      touch
         A mobile-optimized dialog designed for modern smartphones such
         as Android and iPhone.

      wap
         An extremely compact dialog optimized for older mobile web
         browsers.

4.  Security Considerations

   No additional considerations beyond those described within the OAuth
   2.0 Protocol.

5.  Normative References

   [I-D.ietf.oauth-v2]
              Hammer-Lahav, E., Ed., Recordon, D., and D. Hardt, "The
              OAuth 2.0 Protocol", Jun 2010.

   [RFC2119]  Bradner, B., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119.

   [RFC5646]  Phillips, A., Ed. and M. Davis, Ed., "Tags for Identifying
              Languages", BCP 47, RFC 5646.

Authors' Addresses

   David Recordon (editor)
   Facebook

   Email: davidrecordon@facebook.com

   Allen Tom
   Yahoo!

   Email: atom@yahoo-inc.com

   Breno de Medeiros
   Google

   Email: breno@google.com

   Luke Shepard
   Facebook

   Email: lshepard@facebook.com
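
An added example, not part of the draft or of any author's implementation: one way an authorization server could validate the "display" and "language" parameters of Sections 2 and 3 before they influence the dialog, and apply the precedence of "language" over Accept-Language. The function names, the as.example URL, the range limit, rejecting bad or repeated values instead of falling back to defaults, and the use of the RFC 4647 basic language range grammar are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

DISPLAY_VALUES = ("page", "popup", "touch", "wap")  # values listed in Section 3
# Basic language range grammar from RFC 4647 (assumption of this example).
RANGE_RE = re.compile(r"\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*")
MAX_RANGES = 10  # constructed limit, not from the draft


def parse_ux_params(authorization_url):
    """Return (display, languages) from an end-user authorization request URL."""
    query = parse_qs(urlsplit(authorization_url).query, keep_blank_values=True)
    for name in ("display", "language"):
        if len(query.get(name, [])) > 1:  # example's choice: reject ambiguity
            raise ValueError(f"duplicate {name} parameter")
    display = query.get("display", ["page"])[0]  # "page" is the default
    if display not in DISPLAY_VALUES:
        raise ValueError("display is not one of the defined values")
    languages = []
    if "language" in query:
        for item in query["language"][0].split(","):
            item = item.strip().lower()
            # Never pass the raw value on to templates or locale lookups.
            if not RANGE_RE.fullmatch(item):
                raise ValueError("malformed language range")
            if item not in languages:
                languages.append(item)
        if len(languages) > MAX_RANGES:
            raise ValueError("too many language ranges")
    return display, languages


def choose_dialog_language(languages, accept_language, supported, default="en"):
    """Pick a supported tag: 'language' ranges first, Accept-Language second."""
    # q-values are ignored here for brevity; header order is used as-is.
    header = [p.split(";")[0].strip().lower()
              for p in accept_language.split(",") if p.strip()]
    for rng in languages + header:
        for tag in supported:
            low = tag.lower()
            # Basic filtering: exact match or the range is a prefix of the tag.
            if rng == "*" or low == rng or low.startswith(rng + "-"):
                return tag
    return default
```
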