There has been some discussion about modifying the scope of the access token
during a refresh. Perhaps we can add another "method" to what the AS MAY
support that allows modifying the scope of an access token. Type of request is
"modify" and the scope parameter is required to indicate the new scope
required. Suggested copy below:

type
      REQUIRED. The parameter value MUST be set to "modify".

client_id
      REQUIRED. The client identifier as described in Section 3.4.

client_secret
      REQUIRED if the client was issued a secret. The client secret.

refresh_token
      REQUIRED. The refresh token associated with the access token to be
      refreshed.

scope
      REQUIRED. The new scope of the access request expressed as a list of
      space-delimited strings. The value of the scope parameter is defined
      by the authorization server. If the value contains multiple
      space-delimited strings, their order does not matter, and each string
      adds additional access range to the requested scope.

secret_type
      OPTIONAL. The access token secret type as described by Section 8.3. If
      omitted, the authorization server will issue a bearer token (an access
      token without a matching secret) as described by Section 8.2.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
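
An added example, not part of the original message or of any OAuth draft: one way an authorization server could validate the proposed "modify" request before issuing a new access token. The function and error names, the form-encoded body, the sample values, and the rule that the new scope must stay within what is already bound to the refresh token are all assumptions made for the example.

```python
from urllib.parse import parse_qs

REQUIRED = ("type", "client_id", "refresh_token", "scope")

class ModifyRequestError(ValueError):
    """Raised when a "modify" request must be rejected."""

def parse_modify_request(body, client_has_secret, authorized_scope):
    """Validate a form-encoded "modify" request (hypothetical helper).

    authorized_scope is the set of scope strings the server has bound to the
    refresh token; that binding is an assumption, the proposal does not define it.
    """
    try:
        fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise ModifyRequestError(f"malformed body: {exc}") from exc
    # Reject repeated parameters so no two components can pick different values.
    for name, values in fields.items():
        if len(values) != 1:
            raise ModifyRequestError(f"duplicate parameter: {name}")
    params = {name: values[0] for name, values in fields.items()}
    required = REQUIRED + (("client_secret",) if client_has_secret else ())
    for name in required:
        if not params.get(name):
            raise ModifyRequestError(f"missing parameter: {name}")
    if params["type"] != "modify":
        raise ModifyRequestError("type must be 'modify'")
    # Order of the space-delimited strings does not matter: compare as a set.
    requested = frozenset(params["scope"].split())
    if not requested:
        raise ModifyRequestError("empty scope")
    # Assumed policy: never widen access beyond what was originally authorized.
    extra = requested - frozenset(authorized_scope)
    if extra:
        raise ModifyRequestError(f"scope not authorized: {sorted(extra)}")
    # secret_type omitted (None) means a bearer token is issued.
    return {"client_id": params["client_id"], "scope": requested,
            "secret_type": params.get("secret_type")}

# Constructed sample request; every value is made up for the example.
SAMPLE = ("type=modify&client_id=example-client&client_secret=example-secret"
          "&refresh_token=example-refresh&scope=write+read")

if __name__ == "__main__":
    print(parse_modify_request(SAMPLE, True, {"read", "write", "delete"}))
```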