[IPP] Oauth for IPP System Service
Michael Sweet
msweet at msweet.org
Wed Oct 7 21:03:13 UTC 2020
Smith/All,
I think given the precedent of Get-Printer-Attributes, we should consider that Get-System-Attributes has a similar limitation (no authentication) in order to allow Clients to discover a system service. And we can log an issue against the system service spec to track a future errata update that clarifies all of this... :/
> On Oct 7, 2020, at 4:51 PM, Kennedy, Smith (Wireless & IPP Standards) <smith.kennedy at hp.com> wrote:
>
> Hi there,
>
> In "IPP Authentication Methods v1.0" on page 19 (https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19), edge 13 says 'Check for "oauth-authorization-server-uri" and "oauth-authorization-scope" Printer Description attributes'. If the IPP System supported OAuth, then presumably a Client could do a Get-System-Attributes operation to get these same two attributes.
>
> But if the System is allowed to respond with an authentication challenge (similar to Get-User-Printer-Attributes but not similar to Get-Printer-Attributes) then we have a problem because those two OAuth attributes can't be acquired by the Client. I cannot tell from the definition of "Get-System-Attributes" in IPP System v1.0 (http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70) whether a System object is allowed to challenge a Client for authentication in response to a Get-System-Attributes operation request.
>
> Piotr, did I capture your "chicken-and-egg" concerns here?
>
> Smith
>
> /**
> Smith Kennedy
> HP Inc.
> */
>
>> On Oct 7, 2020, at 2:16 PM, Michael Sweet via ipp <ipp at pwg.org> wrote:
>>
>> Piotr,
>>
>> > On Oct 7, 2020, at 4:08 PM, Piotr Pawliczek via ipp <ipp at pwg.org> wrote:
>> >
>> > Hi,
>> >
>> > I am trying to figure out how to implement oauth authentication for the IPP System (e.g.: needed to send the Get-Printers request). I cannot find any references to oauth authorization in the document "IPP System Service v1.0 (SYSTEM)". Is there any plan to describe oauth authentication on the level of IPP System?
>>
>> OAuth happens at the HTTP level, so the IPP Authentication Methods v1.0 document applies to all IPP services, not just printing.
>>
>> ________________________
>> Michael Sweet
>>
>>
>>
>> _______________________________________________
>> ipp mailing list
>> ipp at pwg.org
>> https://www.pwg.org/mailman/listinfo/ipp
>
________________________
Michael Sweet
More information about the ipp
mailing list