Hi, Either the resource server can ask the authentication server for information associated with the token (e.g. resource owner's id and scope) or this information can be encrypted into the token string. The scope defines what resources, and resource owner id defines whose resource. At least that's how I *think* it is.
On Fri, Aug 10, 2012 at 8:53 AM, <[email protected]> wrote: > > Hi, all > I wonder how an access token is bound with the required resource item, > I cann't see any field specifying the requested resource in request for > authorization token and access token. > Is "scope" relevant with this? > > Regards~~~ > > -Sujing Zhou > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
