Hi, I'm new in this group. I'm studying the OAuth protocol and there are some questions that I would like to ask you in order to verify whether I've understood it well. I've already read many posts in this group about these questions, but I want to bring them all together.

I know that Core 1.0 leaves the Service Provider free to implement its role in the protocol; in fact, in the following questions I try to understand what hypothetically should happen.

1) Service Provider side: what happens immediately after the Consumer makes a request for an unauthorized Request Token? Does the Service Provider create a local entry in its database that binds the Request Token to the Consumer? Because in the next step the Consumer redirects the User to log in at the Service Provider, and the Service Provider shows the User that there is a specific Consumer that wants access to the resources, but how does it know which Consumer this is? So I suppose that the previous local entry can be useful in this step, because the Service Provider can search its database for the entry for the Request Token and find the corresponding Consumer. Is this correct, or does something else happen in this step?

2) "By default", after the User is redirected by the Consumer to the Service Provider, if the User authorizes the Consumer, does the User grant access to all of their resources? "By default" in the sense that, if I'm not wrong, the Service Provider can also implement a way to grant limited access, for example read-only access.

3) Service Provider side: what happens immediately after the User grants access to the Consumer? Does the Service Provider create a local entry in its database that binds the Request Token to the User, or the User to the Consumer? Because when the Consumer afterwards makes a request for an Access Token, the Service Provider needs to know which User is involved, or not?

Thanks to everybody :)
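The Service Provider bookkeeping asked about in questions 1 and 3, as an added example that is not part of the original post: one possible token table, since Core 1.0 leaves storage to the implementer. The class, field names, and scope strings are hypothetical; signature verification and token secrets are omitted. The checks in `exchange` follow Core 1.0 section 6.3.2 (the Request Token matches the Consumer Key and has never been exchanged).

```python
import secrets


class TokenStore:
    """Hypothetical in-memory stand-in for the Service Provider's token table."""

    def __init__(self):
        self.request_tokens = {}  # request token -> consumer, user, scope, used
        self.access_tokens = {}   # access token  -> consumer, user, scope

    def issue_request_token(self, consumer_key):
        # Question 1: the unauthorized Request Token is stored with its Consumer.
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {
            "consumer": consumer_key, "user": None, "scope": None, "used": False}
        return token

    def consumer_for(self, token):
        # Authorization page: look up which Consumer to name to the User.
        return self.request_tokens[token]["consumer"]

    def authorize(self, token, user_id, scope):
        # Questions 2 and 3: record the approving User and the granted scope
        # (scope values are an assumption; Core 1.0 does not define them).
        entry = self.request_tokens[token]
        if entry["used"] or entry["user"] is not None:
            raise PermissionError("request token already authorized or exchanged")
        entry["user"], entry["scope"] = user_id, scope

    def exchange(self, token, consumer_key):
        # Access Token request: the token must be known, unused, issued to
        # this Consumer, and already authorized by a User.
        entry = self.request_tokens.get(token)
        if entry is None or entry["used"]:
            raise PermissionError("unknown or already exchanged request token")
        if entry["consumer"] != consumer_key:
            raise PermissionError("request token was issued to another Consumer")
        if entry["user"] is None:
            raise PermissionError("request token not authorized by a User")
        entry["used"] = True
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = {
            "consumer": consumer_key, "user": entry["user"], "scope": entry["scope"]}
        return access
```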
