On Thu, Jul 19, 2018 at 8:51 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote:
> Hi Dick, > > > >> >> Section 3: >> Don’t you think it could be a useful information to have the resource URI >> available in the authorization flow?I would assume it could have some >> additional meaning to the AS and could also be the context of the scope. >> > > I'm assuming you are referring to the Authorization Code Grant. Good call > out that the resource URI would be useful in the redirect. > > The use cases that I have been working with have all been Client > Credential Grants > > I currently don't know of a real world use case for the Authorization Code > Grant for Distributed OAuth. > > > I think any scenario with multiple resource servers relying on the same AS > for authorization where the client acts on behalf of the resource owner > qualifies for grant type code and distributed OAuth. > > Let’s assume a user wants to authorize a client for access to her cloud > storage, email account and contacts when setting app the respective app. > Would you walk me through the user experience that happened for the client to do discovery on these three resources? In other words, what did the user do to get the client to call the resource and get back the 401 response? /Dick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
