According to the LinkedIn docs, that means they get all the scopes that they registered for.
— Justin > On Jul 22, 2015, at 10:59 AM, Maciej Machulak <[email protected]> > wrote: > > It seems that they don't ask for scopes. > > The parameter is left blank: scope= > > Kind regards, > Maciej > > On 22 July 2015 at 10:26, Phil Hunt <[email protected] > <mailto:[email protected]>> wrote: > Do they explicitly ask for those scopes? Or do they leave scope to default > that way. > > Phil > > On Jul 22, 2015, at 10:22, Justin Richer <[email protected] > <mailto:[email protected]>> wrote: > >> This is a pretty clear case of SlideShare trying to grab too much. The >> LinkedIn API (which is their own proprietary thing, not OpenID Connect) does >> separate all the permissions into different scopes. However, the SlideShare >> app is asking for all of them, and LinkedIn doesn’t let you uncheck any >> boxes on the authorization screen. >> >> FWIW, the reason they want write access to your profile is to automatically >> add new SlideShare presentations that you upload to your LinkedIn profile >> page. You should still have the option of turning that off, or of turning on >> that functionality later. >> >> — Justin >> >>> On Jul 22, 2015, at 9:49 AM, Kathleen Moriarty >>> <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hey Barry, >>> >>> From my observations with Facebook, it now has options added for you to >>> select what resources from Facebook will get shared when authorizing access >>> to other applications. You can click on each of the possibilities and >>> strip it down. It appears to me that Facebook is managing that, so in your >>> case, I *think* (and am open to be corrected) that LinkedIn needs to do >>> something similar. Without those options, I also cancel out and just don't >>> use the other app. >>> >>> Thanks, >>> Kathleen >>> >>> On Wed, Jul 22, 2015 at 3:44 AM, Barry Leiba <[email protected] >>> <mailto:[email protected]>> wrote: >>> Yesterday, someone sent me a link to some presentation slides that >>> he'd posted to SlideShare. I looked at them, and wanted to download >>> them as a PDF. In order to let me do that, SlideShare wants me to log >>> in. It gives me the options to log in via LinkedIn or Facebook. As >>> I'm one of the three people in the world without a Facebook account, I >>> clicked "LinkedIn". That got me an OAuth authorization screen, image >>> attached. >>> >>> Now, I don't know if this is SlideShare's fault for asking for too >>> much, or LinkedIn's fault for not providing enough granularity for >>> requests, but just LOOK at that list of what I'd be giving SlideShare >>> access to. The first few make sense: read my profile (the whole thing >>> or pieces of it, including contact information). But... access to my >>> connections? I'm not sure they'd like my exposing their identities to >>> SlideShare. Access to my private messages? EDIT MY PROFILE? Srsly? >>> >>> Of course, this isn't the fault of the OAuth protocol, really (though >>> one might argue that there's not enough guidance provided). But, >>> really, with implementations like this, I have to wonder what they're >>> thinking. >>> >>> I clicked "Cancel", of course, and asked the slide creator to send me a PDF. >>> >>> Barry >>> >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] <mailto:[email protected]> >>> https://www.ietf.org/mailman/listinfo/oauth >>> <https://www.ietf.org/mailman/listinfo/oauth> >>> >>> >>> >>> >>> -- >>> >>> Best regards, >>> Kathleen >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] <mailto:[email protected]> >>> https://www.ietf.org/mailman/listinfo/oauth >>> <https://www.ietf.org/mailman/listinfo/oauth> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/oauth >> <https://www.ietf.org/mailman/listinfo/oauth> > > _______________________________________________ > OAuth mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > > > -- > Maciej Machulak > email: [email protected] <mailto:[email protected]> > mobile: +44 7999 606 767 (UK) > mobile: +48 602 45 31 66 (PL)
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
