It seems that they don't ask for scopes. The parameter is left blank: scope=
Kind regards, Maciej On 22 July 2015 at 10:26, Phil Hunt <[email protected]> wrote: > Do they explicitly ask for those scopes? Or do they leave scope to default > that way. > > Phil > > On Jul 22, 2015, at 10:22, Justin Richer <[email protected]> wrote: > > This is a pretty clear case of SlideShare trying to grab too much. The > LinkedIn API (which is their own proprietary thing, not OpenID Connect) > does separate all the permissions into different scopes. However, the > SlideShare app is asking for all of them, and LinkedIn doesn’t let you > uncheck any boxes on the authorization screen. > > FWIW, the reason they want write access to your profile is to > automatically add new SlideShare presentations that you upload to your > LinkedIn profile page. You should still have the option of turning that > off, or of turning on that functionality later. > > — Justin > > On Jul 22, 2015, at 9:49 AM, Kathleen Moriarty < > [email protected]> wrote: > > Hey Barry, > > From my observations with Facebook, it now has options added for you to > select what resources from Facebook will get shared when authorizing access > to other applications. You can click on each of the possibilities and > strip it down. It appears to me that Facebook is managing that, so in your > case, I *think* (and am open to be corrected) that LinkedIn needs to do > something similar. Without those options, I also cancel out and just don't > use the other app. > > Thanks, > Kathleen > > On Wed, Jul 22, 2015 at 3:44 AM, Barry Leiba <[email protected]> > wrote: > >> Yesterday, someone sent me a link to some presentation slides that >> he'd posted to SlideShare. I looked at them, and wanted to download >> them as a PDF. In order to let me do that, SlideShare wants me to log >> in. It gives me the options to log in via LinkedIn or Facebook. As >> I'm one of the three people in the world without a Facebook account, I >> clicked "LinkedIn". That got me an OAuth authorization screen, image >> attached. >> >> Now, I don't know if this is SlideShare's fault for asking for too >> much, or LinkedIn's fault for not providing enough granularity for >> requests, but just LOOK at that list of what I'd be giving SlideShare >> access to. The first few make sense: read my profile (the whole thing >> or pieces of it, including contact information). But... access to my >> connections? I'm not sure they'd like my exposing their identities to >> SlideShare. Access to my private messages? EDIT MY PROFILE? Srsly? >> >> Of course, this isn't the fault of the OAuth protocol, really (though >> one might argue that there's not enough guidance provided). But, >> really, with implementations like this, I have to wonder what they're >> thinking. >> >> I clicked "Cancel", of course, and asked the slide creator to send me a >> PDF. >> >> Barry >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> >> > > > -- > > Best regards, > Kathleen > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > -- Maciej Machulak email: [email protected] mobile: +44 7999 606 767 (UK) mobile: +48 602 45 31 66 (PL)
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
