{"id":1823,"date":"2018-04-23T12:12:09","date_gmt":"2018-04-23T19:12:09","guid":{"rendered":"https:\/\/self-issued.info\/?p=1823"},"modified":"2018-04-23T12:12:09","modified_gmt":"2018-04-23T19:12:09","slug":"oauth-device-flow-spec-addressing-area-director-comments","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=1823","title":{"rendered":"OAuth Device Flow spec addressing Area Director comments"},"content":{"rendered":"<p><span class=\"plain\"><img decoding=\"async\" align=\"right\" src=\"https:\/\/self-issued.info\/images\/oauth_logo_120x120.png\" alt=\"OAuth logo\"\/><\/span>The OAuth 2.0 Device Flow for Browserless and Input Constrained Devices specification has been updated to address feedback by Security Area Director Eric Rescorla about the potential of a confused deputy attack.  Thanks to <a href=\"https:\/\/twitter.com\/ve7jtb\">John Bradley<\/a> for helping work out the response to Eric and to <a href=\"https:\/\/twitter.com\/WilliamDenniss\">William Denniss<\/a> for reviewing and publishing the changes to the draft.<\/p>\n<p>The specification is available at:<\/p>\n<ul>\n<li><a href=\"https:\/\/tools.ietf.org\/html\/draft-ietf-oauth-device-flow-09\">https:\/\/tools.ietf.org\/html\/draft-ietf-oauth-device-flow-09<\/a><\/li>\n<\/ul>\n<p>An HTML-formatted version is also available at:<\/p>\n<ul>\n<li><a href=\"https:\/\/self-issued.info\/docs\/draft-ietf-oauth-device-flow-09.html\">https:\/\/self-issued.info\/docs\/draft-ietf-oauth-device-flow-09.html<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The OAuth 2.0 Device Flow for Browserless and Input Constrained Devices specification has been updated to address feedback by Security Area Director Eric Rescorla about the potential of a confused deputy attack. Thanks to John Bradley for helping work out the response to Eric and to William Denniss for reviewing and publishing the changes to [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,26,25],"tags":[],"class_list":["post-1823","post","type-post","status-publish","format-standard","hentry","category-ietf","category-oauth","category-specifications"],"_links":{"self":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1823"}],"version-history":[{"count":1,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1823\/revisions"}],"predecessor-version":[{"id":1824,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1823\/revisions\/1824"}],"wp:attachment":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}