@Shane: Good point, and in my application the user/client would be authorizing another registered program. Was just using Bob to keep with the example.

@William:
1. I'm just building the API now so anything is possible, but could you give me an example of what you mean?
2. Sure will do, though, if that is a website, I'm not able to connect to it.

On 3/11/2012 23:28, William Mills wrote:
Can you specify the user being accessed as the resource in the URL?


P.S. Please start using the http://twiki.corp.yahoo.com/view/Paranoidyahoos/SecurityRequest for new requests like product and feature reviews.

    ------------------------------------------------------------------------
    *From:* David Fox <[email protected]>
    *To:* 'OAuth WG' <[email protected]>
    *Sent:* Sunday, March 11, 2012 7:10 PM
    *Subject:* [OAUTH-WG] Issue token for another user

    http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8

    In order to achieve the use case above, how would the client
    (a.k.a the resource owner in this case) specify which user to
    authorize?

    Would the correct approach be to make a request to the
    Authorization Server with the grant type set to
    "client_credentials" and set the scope to user=user_id (where
    user_id would be the identifier for the user Bob)?

    -David

    _______________________________________________
    OAuth mailing list
    [email protected] <mailto:[email protected]>
    https://www.ietf.org/mailman/listinfo/oauth

