Replace "authentication server" with "authorization server" in the previous message ;)
On Fri, Aug 10, 2012 at 9:50 AM, Håvard Geithus <[email protected]> wrote: > Hi, > > Either the resource server can ask the authentication server for > information associated with the token (e.g. resource owner's id and scope) > or this information can be encrypted into the token string. The scope > defines what resources, and resource owner id defines whose resource. At > least that's how I *think* it is. > > On Fri, Aug 10, 2012 at 8:53 AM, <[email protected]> wrote: > >> >> Hi, all >> I wonder how an access token is bound with the required resource item, >> I cann't see any field specifying the requested resource in request for >> authorization token and access token. >> Is "scope" relevant with this? >> >> Regards~~~ >> >> -Sujing Zhou >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> >> >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
