Hi,
I have a few questions about the client_credentials grant type.
Section 4.4 [1] says: "...client is requesting access to the protected
resources under its control, or those of another resource owner..."
What I do not understand is the latter part of the above statement, how
to establish a link between the client authentication (which is an
actual grant in this case) and different resource owners given that the
only thing we have is the client authentication. As far as I can see it
is only possible to get a one to one link with the end user in this case.
Can someone please clarify what is meant by the "those of another resource
owner" phrase?
The other question is about an optional scope parameter. It has to be
ignored in case of the client requesting a token for accessing its own
resources, right?
Thanks, Sergey
[1] http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4