[IPP] OAuth in IPP and the "oauth-authorization-server-uri" IPP attribute

[IPP] OAuth in IPP and the "oauth-authorization-server-uri" IPP attribute

Michael Sweet msweet at apple.com
Mon Jul 24 20:33:15 UTC 2017 

Smith,

PWG 5100.18 is IPP INFRA... :)

The "oauth-authorization-server-uri" Printer Description attribute specifies the OAuth server that the printer uses (and thus the client must use to obtain a bearer token) - this is needed because RFC 6750's WWW-Authenticate header does not include the authorization server...

OAuth Bearer tokens (used for HTTP authentication) do NOT rely on redirection, but instead use a cached token string that the Client obtains by going to the auth server.  Think Github API tokens...

The "access-oauth-token" member attribute contains the bearer token for the specified remote resource, and is how you provide third-party access to a resource.  The "access-oauth-uri" points to the OAuth server used.  The Printer uses the "access-oauth-token" value in the HTTP Authentication field, e.g.:

    Authentication: Bearer dflkjfler232rsdlfkj45efdlk12fasf


> On Jul 24, 2017, at 2:37 PM, Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com> wrote:
> 
> Greetings,
> 
> I am working on converting the "IPP Authentication" slide set to a whitepaper. In the process, I've been considering OAuth a bit more. PWG 5100.18 (IPP Transaction Based Printer Extensions) defines the "oauth-authorization-server-uri", "access-oauth-token", and "access-oauth-uri" attributes. It isn't clear to me how these attributes integrate into an OAuth authentication system. 
> 
> The way that OAuth / OAuth2 seems to work, there will be an HTTP response redirecting the User Agent (IPP Client) to a different server for authentication. If this is all handled at the HTTP layer, what value do these IPP attributes provide?
> 
> Thanks for any help,
> 
> Smith
> 
> /**
>    Smith Kennedy
>    Wireless Architect - Client Software - IPG-PPS
>    Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB IF
>    Chair, IEEE ISTO Printer Working Group
>    HP Inc.
> */
> 
> 
> 
> _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

More information about the ipp mailing list