So Bob has already issued credentials to App-A and now needs to authorize App-B?
>________________________________
> From: David Fox <[email protected]>
>To: William Mills <[email protected]>
>Cc: 'OAuth WG' <[email protected]>; [email protected]
>Sent: Sunday, March 11, 2012 9:47 PM
>Subject: Re: [OAUTH-WG] Issue token for another user
>
>
>@Shane: Good point, and in my application the user/client would be authorizing
>another registered program. Was just using Bob to keep with the example.
>
>@William:
>1. I'm just building the API now so anything is possible, but could
you give me an example of what you mean?
>2. Sure will do, though, if that is a website, I'm not able to
connect to it.
>
>On 3/11/2012 23:28, William Mills wrote:
>Can you specify the user being accesses as the resource in the URL?
>>
>>
>>
>>
>>
>>P.S. Please start using the
>>http://twiki.corp.yahoo.com/view/Paranoidyahoos/SecurityRequest for new
>>requests like product and feature reviews.
>>
>>
>>
>>>________________________________
>>> From: David Fox <[email protected]>
>>>To: 'OAuth WG' <[email protected]>
>>>Sent: Sunday, March 11, 2012 7:10 PM
>>>Subject: [OAUTH-WG] Issue token for another user
>>>
>>>
>>>http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8
>>>
>>>In order to achieve the use case above, how would
the client (a.k.a the resource owner in this case)
specify which user to authorize?
>>>
>>>Would the correct approach be to make a request to
the Authorization Server with the grant type set to
"client_credentials" and set the scope to
user=user_id (where user_id would be the identifier
for the user Bob)?
>>>
>>>-David
>>>
>>>_______________________________________________
>>>OAuth mailing list
>>>[email protected]
>>>https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>>
>
>_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
