Do they explicitly ask for those scopes? Or do they leave scope to default that way?

Phil

> On Jul 22, 2015, at 10:22, Justin Richer <[email protected]> wrote:
>
> This is a pretty clear case of SlideShare trying to grab too much. The
> LinkedIn API (which is their own proprietary thing, not OpenID Connect) does
> separate all the permissions into different scopes. However, the SlideShare
> app is asking for all of them, and LinkedIn doesn’t let you uncheck any boxes
> on the authorization screen.
>
> FWIW, the reason they want write access to your profile is to automatically
> add new SlideShare presentations that you upload to your LinkedIn profile
> page. You should still have the option of turning that off, or of turning on
> that functionality later.
>
> — Justin
>
>> On Jul 22, 2015, at 9:49 AM, Kathleen Moriarty
>> <[email protected]> wrote:
>>
>> Hey Barry,
>>
>> From my observations with Facebook, it now has options added for you to
>> select what resources from Facebook will get shared when authorizing access
>> to other applications. You can click on each of the possibilities and strip
>> it down. It appears to me that Facebook is managing that, so in your case,
>> I *think* (and am open to be corrected) that LinkedIn needs to do something
>> similar. Without those options, I also cancel out and just don't use the
>> other app.
>>
>> Thanks,
>> Kathleen
>>
>>> On Wed, Jul 22, 2015 at 3:44 AM, Barry Leiba <[email protected]>
>>> wrote:
>>> Yesterday, someone sent me a link to some presentation slides that
>>> he'd posted to SlideShare. I looked at them, and wanted to download
>>> them as a PDF. In order to let me do that, SlideShare wants me to log
>>> in. It gives me the options to log in via LinkedIn or Facebook. As
>>> I'm one of the three people in the world without a Facebook account, I
>>> clicked "LinkedIn". That got me an OAuth authorization screen, image
>>> attached.
>>>
>>> Now, I don't know if this is SlideShare's fault for asking for too
>>> much, or LinkedIn's fault for not providing enough granularity for
>>> requests, but just LOOK at that list of what I'd be giving SlideShare
>>> access to. The first few make sense: read my profile (the whole thing
>>> or pieces of it, including contact information). But... access to my
>>> connections? I'm not sure they'd like my exposing their identities to
>>> SlideShare. Access to my private messages? EDIT MY PROFILE? Srsly?
>>>
>>> Of course, this isn't the fault of the OAuth protocol, really (though
>>> one might argue that there's not enough guidance provided). But,
>>> really, with implementations like this, I have to wonder what they're
>>> thinking.
>>>
>>> I clicked "Cancel", of course, and asked the slide creator to send me a PDF.
>>>
>>> Barry
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> --
>>
>> Best regards,
>> Kathleen
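The two behaviours this thread turns on (a client that sends an explicit `scope` versus one that omits it and gets the server default, and a consent screen that lets the user uncheck items) can be sketched from the authorization server's side. This is an added example, not part of any message in the thread and not LinkedIn's, Facebook's or SlideShare's code; the scope names, `DEFAULT_SCOPE`, the URLs and both function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed scope catalogue for a hypothetical provider (assumption).
KNOWN_SCOPES = {"profile.read", "email.read", "connections.read",
                "messages.read", "profile.write"}
# Narrow pre-defined default applied when the client sends no scope (assumption).
DEFAULT_SCOPE = {"profile.read"}

# Constructed sample authorization requests.
GREEDY = ("https://provider.example/oauth/authorize?response_type=code"
          "&client_id=slides-app&state=xyz"
          "&scope=profile.read+connections.read+messages.read+profile.write")
NO_SCOPE = ("https://provider.example/oauth/authorize?response_type=code"
            "&client_id=slides-app&state=xyz")


def requested_scopes(authz_url):
    """Return (scopes, explicit) for an authorization request URL."""
    params = parse_qs(urlsplit(authz_url).query)
    scopes = set(params.get("scope", [""])[0].split())
    if not scopes:
        # RFC 6749 section 3.3: use a pre-defined default or fail the request.
        return set(DEFAULT_SCOPE), False
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        raise ValueError("invalid_scope: " + " ".join(sorted(unknown)))
    return scopes, True


def grant(authz_url, user_approved):
    """Intersect what the client asked for with what the user left checked."""
    asked, explicit = requested_scopes(authz_url)
    granted = asked & set(user_approved)
    if not granted:
        return {"error": "access_denied"}
    response = {"granted": sorted(granted), "explicit_request": explicit}
    # Tell the client what it actually got whenever that is not exactly
    # what it explicitly requested (RFC 6749 sections 3.3 and 5.1).
    if not explicit or granted != asked:
        response["scope"] = " ".join(sorted(granted))
    return response


if __name__ == "__main__":
    print(grant(GREEDY, {"profile.read"}))    # user unchecked everything else
    print(grant(NO_SCOPE, KNOWN_SCOPES))      # default applies, not "everything"
```

A client written against such a server has to read the returned `scope` and degrade gracefully, since the user may have left the write permission unchecked.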
