Can you specify the user being accesses as the resource in the URL?
P.S. Please start using the
http://twiki.corp.yahoo.com/view/Paranoidyahoos/SecurityRequest for new
requests like product and feature reviews.
>________________________________
> From: David Fox <[email protected]>
>To: 'OAuth WG' <[email protected]>
>Sent: Sunday, March 11, 2012 7:10 PM
>Subject: [OAUTH-WG] Issue token for another user
>
>
>http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8
>
>In order to achieve the use case above, how would the client (a.k.a
the resource owner in this case) specify which user to authorize?
>
>Would the correct approach be to make a request to the Authorization
Server with the grant type set to "client_credentials" and set the
scope to user=user_id (where user_id would be the identifier for the
user Bob)?
>
>-David
>
>_______________________________________________
>OAuth mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
