Re: [WG-UMA] UMA Authorization Code Grant

22 Mar 2021


      Hi Igor, I'd agree it seems duplicated on first look.

The 'mail retrieving agent' (MRA) should only need the link(URI) to the
resource, once the MRA makes the 'RPT-less' resource request it will be
returned a fresh ticket and the location of the UMA AS (through
WWW-Authenticate)

Best,
- Alec

Alec Laws
alec@identos.ca


On Mon, Mar 22, 2021 at 1:03 PM Igor Zboran  wrote:
...
Hmm, it seems to me that the resource id / ticket are in this grant
redundant. Am I right?
-Igor
On Mon, Mar 22, 2021 at 1:28 PM Igor Zboran  wrote:
...
Hi all,
The UMA Authorization Code Grant defines a mechanism for user-to-user
(sender-to-recipient) delegation of access. Figure 1 provides the schematic
flow for the UMA Authorization Code Grant by which the sender (Resource
Owner) delegates the Requesting Party Client to access the sender's
resources on behalf of the recipient.
[image: image.png]
         Figure 1.
Regards
-Igor
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma