Hi, I am currently implementing an API that uses OAuth. I’m including a basic resource authorization feature in my API that lets clients ask for read/write permissions to a number of resources while getting a request token (something like permissions="read:/accounts/ write:/accounts/transactions/").
I know that this isn’t covered by 1.0a or the latest draft. After searching for a bit, I found this functionality mentioned in this thread [1] and a thread about OAuth Core 1.1 [2]. I haven’t seen any mention of this since then, and I don’t believe this is being tackled by WRAP either. My question to the floor: is there a draft I’ve missed that includes this? Are there any APIs planned or shipping that have this functionality? Is this something worth standardizing, or should each service provider do it their own way? -Chasen P.S. My apologies if I posted this to the wrong mailing list; I thought this would be a better choice than the Google Groups list. [1] https://groups.google.com/group/oauth/browse_thread/thread/e44310037ba355e3/91cabf9061004d0a [2] https://groups.google.com/group/oauth/browse_thread/thread/b4d71abb0ac81e60/878a35a9d355437b
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
