Thanks for the feedback. That’s what I presumed and I’m glad I wasn’t missing anything.
For the record, I ended up adding two comma-separated parameters to the request token request like so: read_permissions=user&write_permission=accounts,accounts/transactions [Documentation: https://ironmoney.com/api/permissions/] On Sat, Jan 23, 2010 at 6:08 PM, Blaine Cook <[email protected]> wrote: > Hi Chasen, > > the general consensus is that this is something best handled by each > provider individually, since there are too many possible approaches to > permissions to be covered in the authorization spec. Flickr and > Twitter are good examples of how to do simple read/write permissions. > > b. > > 2010/1/22 Chasen Le Hara <[email protected]>: > > Hi, > > I am currently implementing an API that uses OAuth. I’m including a basic > > resource authorization feature in my API that lets clients ask for > > read/write permissions to a number of resources while getting a request > > token (something like permissions="read:/accounts/ > > write:/accounts/transactions/"). > > I know that this isn’t covered by 1.0a or the latest draft. After > searching > > for a bit, I found this functionality mentioned in this thread [1] and a > > thread about OAuth Core 1.1 [2]. I haven’t seen any mention of this since > > then, and I don’t believe this is being tackled by WRAP either. > > My question to the floor: is there a draft I’ve missed that includes > > this? Are there any APIs planned or shipping that have this > functionality? > > Is this something worth standardizing, or should each service provider do > it > > their own way? > > -Chasen > > P.S. My apologies if I posted this to the wrong mailing list; I thought > this > > would be a better choice than the Google Groups list. > > [1] > https://groups.google.com/group/oauth/browse_thread/thread/e44310037ba355e3/91cabf9061004d0a > > [2] > https://groups.google.com/group/oauth/browse_thread/thread/b4d71abb0ac81e60/878a35a9d355437b > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > > > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
