Finale 2009 Serial Authorization
Mandi Tofolla
To receive all the benefits of being a Finale owner, including customer support, free maintenance updates, and discounts on future upgrades and new products, be sure to complete the Finale Authorization Wizard.
If the Authorization Wizard encounters any problems, use the on-screen instructions to troubleshoot the authorization process. The Computer ID and Authorization Code are computer-specific and will only work on the given computer installation. Make sure that correct serial number has been entered.
From here, you can choose how you want to begin a new score, continue working on an existing project, or access reference materials. For example, select Setup Wizard to begin a new custom document by specifying the title, staves, key signature, time signature, and other attributes for your new score. If you are new to Finale, check out the Tutorial Guide to learn Finale basics.
Finale automatically sets up your MIDI Input and playback settings, but if you would like to make adjustments, you can find these settings in the MIDI Setup dialog box. You can learn how to configure your MIDI system using this dialog box in the next section.
Your copy of Finale can be authorized on two computers simultaneously. However, with an Internet connection, authorization can be moved from one computer to another at will. If you still have access to the computer, choose Help > Deauthorize Finale to open up a free authorization slot. Deauthorization can also occur at your www.makemusic.com account by logging in and clicking Manage Authorizations. Your copy of Finale can now be authorized on a different computer.
Deauthorize prior to making hardware changes to your computer, such as replacing a hard drive. Doing so will ensure a slot is open to authorize after updating your hardware. When you deauthorize, printing, saving and sharing are disabled until authorization has been restored.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
This specification definesthe core OpenID Connect functionality:authentication built on top of OAuth 2.0 andthe use of Claims to communicate information about the End-User.It also describes the security and privacy considerations for using OpenID Connect.
The OpenID Connect Core 1.0 specification definesthe core OpenID Connect functionality:authentication built on top of OAuth 2.0 andthe use of Claims to communicate information about the End-User.It also describes the security and privacy considerations for using OpenID Connect.
In the .txt version of this specification, values are quoted to indicate that they are to be taken literally. When using these values in protocol messages, the quotes MUST NOT be used as part of the value. In the HTML version of this specification, values to be taken literally are indicated by the use of this fixed-width font.
IMPORTANT NOTE TO READERS: The terminology definitions in this section are a normative portion of this specification, imposing requirements upon implementations. All the capitalized words in the text of this specification, such as "Issuer Identifier", reference these defined terms. Whenever the reader encounters them, their definitions found in this section must be followed.
ID Tokens SHOULD NOT use the JWS or JWEx5u,x5c,jku, orjwkHeader Parameter fields.Instead, references to keys used arecommunicated in advance using Discovery and Registration parameters,per Section 10 (Signatures and Encryption).
OpenID Connect performs authentication to log in the End-Useror to determine that the End-User is already logged in.OpenID Connect returns the result of the Authenticationperformed by the Server to the Client in a secure mannerso that the Client can rely on it.For this reason, the Client is called Relying Party (RP) in this case.
The Authentication result is returned in anID Token, as defined in Section 2 (ID Token).It has Claims expressing such information as the Issuer,the Subject Identifier, when the authentication was performed, etc.
The Authorization Code Flow returns an Authorization Code to theClient, which can then exchange it for an ID Token and an Access Token directly.This provides the benefit of not exposing any tokens to theUser Agent and possibly other malicious applications with accessto the User Agent.The Authorization Server can alsoauthenticate the Client before exchanging the Authorization Code for anAccess Token. The Authorization Code flow is suitable for Clients thatcan securely maintain a Client Secret between themselves and theAuthorization Server.
The Authorization Endpoint performs Authentication of the End-User. This is done by sending the User Agent to the Authorization Server's Authorization Endpoint for Authentication and Authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect.
The following is a non-normative exampleHTTP 302 redirect response by the Client, which triggersthe User Agent to make an Authentication Requestto the Authorization Endpoint(with line wraps within values for display purposes only):
The following is the non-normative example requestthat would be sent by the User Agent to the Authorization Serverin response to the HTTP 302 redirect response by the Client above(with line wraps within values for display purposes only):
If the request is valid, the Authorization Server attempts to Authenticate the End-User or determines whether the End-User is Authenticated, depending upon the request parameter values used. The methods used by the Authorization Server to Authenticate the End-User (e.g., username and password, session cookies, etc.) are beyond the scope of this specification. An Authentication user interface MAY be displayed by the Authorization Server, depending upon the request parameter values used and the authentication methods used.
Once the End-User is authenticated, the Authorization Server MUST obtain an authorization decision before releasing information to the Relying Party. When permitted by the request parameters used, this MAY be done through an interactive dialogue with the End-User that makes it clear what is being consented to or by establishing consent via conditions for processing the request or other means (for example, via previous administrative consent). Sections 2 (ID Token) and 5.3 (UserInfo Endpoint) describe information release mechanisms.
Unless the Redirection URI is invalid, the Authorization Server returns the Client to the Redirection URI specified in the Authorization Request with the appropriate error and state parameters. Other parameters SHOULD NOT be returned. If the Redirection URI is invalid, the Authorization Server MUST NOT redirect the User Agent to the invalid Redirection URI.
If the Response Mode value is not supported, the Authorization Server returns an HTTP response code of 400 (Bad Request) without Error Response parameters, since understanding the Response Mode is necessary to know how to return those parameters.
When using the Authorization Code Flow, if the ID Token contains an at_hash Claim, the Client MAY use it to validate the Access Token in the same manner as for the Implicit Flow, as defined in Section 3.2.2.9 (Access Token Validation), but using the ID Token and Access Token returned from the Token Endpoint.
The Implicit Flow is mainly used by Clients implemented in a browserusing a scripting language. The Access Token and ID Token are returneddirectly to the Client, which may expose them to the End-User andapplications that have access to the End-User's User Agent.The Authorization Server does not perform Client Authentication.
When using the Implicit Flow, the Authorization Endpoint is used in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2 (Authorization Endpoint), with the exception of the differences specified in this section.
The following is a non-normative example request using the Implicit Flowthat would be sent by the User Agent to the Authorization Serverin response to a corresponding HTTP 302 redirect response by the Client(with line wraps within values for display purposes only):
When using the Implicit Flow, End-User Authentication is performed in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2.3 (Authorization Server Authenticates End-User).
When using the Implicit Flow, End-User Consent is obtained in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2.4 (Authorization Server Obtains End-User Consent/Authorization).
When using the Implicit Flow, Authentication Responses are made in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2.5 (Successful Authentication Response), with the exception of the differences specified in this section.
When using the Implicit Flow, Authorization Error Responses are made in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2.6 (Authentication Error Response), with the exception of the differences specified in this section.
Since response parameters are returned in the Redirection URI fragment value, the Client needs to have the User Agent parse the fragment encoded values and pass them to on to the Client's processing logic for consumption. See Section 15.5.3 (Redirect URI Fragment Handling Implementation Notes) for implementation notes on URI fragment handling.
When using the Implicit Flow, the contents of the ID Token MUST be validated in the same manner as for the Authorization Code Flow, as defined in Section 3.1.3.7 (ID Token Validation), with the exception of the differences specified in this section.
When using the Hybrid Flow, the Authorization Endpoint is used in the same manner as for the Authorization Code Flow, as defined in Section 3.1.2 (Authorization Endpoint), with the exception of the differences specified in this section.
7fc3f7cf58