attachment
<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi there,<div class=""><br class=""></div><div class="">In "IPP Authentication Methods v1.0" on page 19 (<a href="https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19" class="">https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19</a>), edge 13 says 'Check for "oauth-authorization-server-uri" and "oauth-authorization-scope" Printer Description attributes'. If the IPP System supported OAuth, then presumably a Client could do a Get-System-Attributes operation to get these same two attributes. </div><div class=""><br class=""></div><div class="">But if the System is allowed to respond with an authentication challenge (similar to Get-User-Printer-Attributes but not similar to Get-Printer-Attributes) then we have a problem because those two OAuth attributes can't be acquired by the Client. I cannot tell from the definition of "Get-System-Attributes" in IPP System v1.0 (<a href="http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70" class="">http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70</a>) whether a System object is allowed to challenge a Client for authentication in response to a Get-System-Attributes operation request.</div><div class=""><br class=""></div><div class="">Piotr, did I capture your "chicken-and-egg" concerns here?<br class=""><div class=""><br class=""><div class="">
Smith<br class=""><br class="">/**<br class=""> Smith Kennedy<br class=""> HP Inc.<br class="">*/
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On Oct 7, 2020, at 2:16 PM, Michael Sweet via ipp <<a href="mailto:ipp@pwg.org" class="">ipp@pwg.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252" class="">
<div class="">Piotr,<br class="">
<br class="">
> On Oct 7, 2020, at 4:08 PM, Piotr Pawliczek via ipp <<a href="mailto:ipp@pwg.org" class="">ipp@pwg.org</a>> wrote:<br class="">
> <br class="">
> Hi,<br class="">
> <br class="">
> I am trying to figure out how to implement oauth authentication for the IPP System (e.g.: needed to send the Get-Printers request). I cannot find any references to oauth authorization in the document "IPP System Service v1.0 (SYSTEM)". Is there any plan to describe oauth authentication on the level of IPP System?<br class="">
<br class="">
OAuth happens at the HTTP level, so the IPP Authentication Methods v1.0 document applies to all IPP services, not just printing.<br class="">
<br class="">
________________________<br class="">
Michael Sweet<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
ipp mailing list<br class="">
<a href="mailto:ipp@pwg.org" class="">ipp@pwg.org</a><br class="">
<a href="https://www.pwg.org/mailman/listinfo/ipp" class="">https://www.pwg.org/mailman/listinfo/ipp</a><br class="">
</div>
</div></blockquote></div><br class=""></div></div></body></html>