Re: [OAUTH-WG] Issue token for another user

Sun, 11 Mar 2012 22:24:18 -0700

More like, Bill (client/resource owner) wants to authorize and generate a token for App-B. 

On 3/12/2012 00:10, William Mills wrote:
So Bob has already issued credentials to App-A and now needs to authorize App-B? 


    ------------------------------------------------------------------------
    *From:* David Fox <[email protected]>
    *To:* William Mills <[email protected]>
    *Cc:* 'OAuth WG' <[email protected]>; [email protected]
    *Sent:* Sunday, March 11, 2012 9:47 PM
    *Subject:* Re: [OAUTH-WG] Issue token for another user

    @Shane: Good point, and in my application the user/client would be
    authorizing another registered program. Was just using Bob to keep
    with the example.

    @William:
    1. I'm just building the API now so anything is possible, but
    could you give me an example of what you mean?
    2. Sure will do, though, if that is a website, I'm not able to
    connect to it.

    On 3/11/2012 23:28, William Mills wrote:

    Can you specify the user being accesses as the resource in the URL?


    P.S. Please start using the

    http://twiki.corp.yahoo.com/view/Paranoidyahoos/SecurityRequest 
    for new requests like product and feature  reviews.


        ------------------------------------------------------------------------
        *From:* David Fox <[email protected]>
        <mailto:[email protected]>
        *To:* 'OAuth WG' <[email protected]> <mailto:[email protected]>
        *Sent:* Sunday, March 11, 2012 7:10 PM
        *Subject:* [OAUTH-WG] Issue token for another user

        http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8

        In order to achieve the use case above, how would the client
        (a.k.a the resource owner in this case) specify which user to
        authorize?

        Would the correct approach be to make a request to the
        Authorization Server with the grant type set to
        "client_credentials" and set the scope to user=user_id (where
        user_id would be the identifier for the user Bob)?

        -David

        _______________________________________________
        OAuth mailing list
        [email protected] <mailto:[email protected]>
        https://www.ietf.org/mailman/listinfo/oauth






_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to