For what it's worth, we pass back a space-separated list in the response:

{
  "id":"https://login.salesforce.com/id/00Dd0000000f6kcEAA/005d0000001kTmOAAU",
  "issued_at":"1386201559129",
  "scope":"id api refresh_token",
  "instance_url":"https://aloha.my.salesforce.com",
  "refresh_token":"5Ae...vDy",
  "signature":"5cN...mw=",
  "access_token":"00D...1aI"
}

Cheers,

Pat

-- 

Pat Patterson | Developer Evangelist Architect |
http://about.me/patpatterson


On Wed, Dec 4, 2013 at 12:06 PM, John Bradley <[email protected]> wrote:

> Per Sec 3.3 and Appendix A.4
>
> scope is a space SP separated list of scope-token which are 1*NQCHAR
>
> So query encoded it looks like &scope=openid%20profile%20email (you would
> be sending it in a POST form encoded to the token endpoint in your case)
> and the response will be JSON:
> {
>    "access_token":"2YotnFZFEjr1zCsicMWpAA",
>    "token_type":"example",
>    "expires_in":3600,
>    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
>    "scope":"openid profile email"
>  }
>
> Yes the examples probably should have included scope but it is clear from
> the normative text.
>
> John B.
>
> On Dec 3, 2013, at 8:55 AM, Andreas Kohn <[email protected]> wrote:
>
> > Hi,
> >
> > the current RFC for OAuth 2.0 (http://www.rfc-editor.org/rfc/rfc6749.txt) is very unclear on *how* to return the scope in the access token response if there are multiple scopes requested/returned.
> >
> > Could someone please clarify whether the scopes are supposed to be returned as
> > 1. space separated string value (i.e. in the same syntax in which they came in), or
> > 2. as JSON array (looks most "JSON-y"), or
> > 3. in another format (for example github uses ',')
> >
> > There is a related question on stackoverflow: http://stackoverflow.com/questions/13290994/how-should-approved-scopes-be-returned-from-an-oauth2-0
> >
> >
> > Regards,
> > --
> > Andreas
> >
> >
> >
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
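Added example, not part of the thread or of any poster's code: a client-side check in Python that parses the token response `scope` as the space-separated string that Sec 3.3 and Appendix A.4 describe, and rejects the JSON-array form. The function names, the sample responses and the policy of refusing scope-tokens that were not requested are assumptions of this example; because ',' is a legal NQCHAR, a comma-joined value parses as a single scope-token and is caught only by the comparison with the request.

```python
import json
import re

# RFC 6749 Appendix A.4: scope-token = 1*NQCHAR
# NQCHAR = %x21 / %x23-5B / %x5D-7E (printable ASCII except SP, '"' and '\')
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

# Constructed sample token responses (not captured from any real server).
SPACE_FORM = '{"access_token":"x","token_type":"example","scope":"openid profile email"}'
ARRAY_FORM = '{"access_token":"x","token_type":"example","scope":["openid","profile"]}'
COMMA_FORM = '{"access_token":"x","token_type":"example","scope":"openid,profile,email"}'
NO_SCOPE = '{"access_token":"x","token_type":"example"}'


class ScopeError(ValueError):
    """Raised when a scope value does not match what the client can accept."""


def parse_scope(value):
    """Parse a scope value per RFC 6749 Section 3.3 into a set of scope-tokens."""
    if not isinstance(value, str):
        raise ScopeError("scope must be a JSON string, got %s" % type(value).__name__)
    tokens = value.split(" ")  # exactly one SP between tokens
    for tok in tokens:
        if not SCOPE_TOKEN.fullmatch(tok):
            raise ScopeError("invalid scope-token: %r" % tok)
    return set(tokens)


def granted_scope(token_response_json, requested):
    """Return the granted scope set; refuse tokens that were never requested
    (a client policy assumed for this example)."""
    body = json.loads(token_response_json)
    asked = parse_scope(requested)
    if "scope" not in body:
        # Section 5.1: scope may be omitted when identical to the request.
        return asked
    granted = parse_scope(body["scope"])
    extra = granted - asked
    if extra:
        raise ScopeError("unrequested scope-token(s): %s" % sorted(extra))
    return granted


if __name__ == "__main__":
    print(sorted(granted_scope(SPACE_FORM, "openid profile email")))
```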