Does UMA use the standard scope parameter?
> Am 22.04.2019 um 21:03 schrieb George Fletcher <[email protected]>: > > Speaking just to the UMA side of things... > > ...it's possible in UMA 2 for the client to request additional scopes when > interacting with the token endpoint specifically to address cases where the > client knows it's going to make the following requests and wants to obtain a > token with sufficient privilege for those requests. This requires a fair > amount of knowledge by the client of the ecosystem but that is sometimes the > case and hence this capability exists :) > >> On 4/22/19 1:18 PM, Torsten Lodderstedt wrote: >> The problem from my perspective (and my understanding of UMA) is the RS does >> not have any information about the context of the request. For example, the >> client might be calling a certain resource (list of accounts) and >> immediately afterwards wants to obtain the balances and initiate a payment. >> I think the UMA case the RS either predicts this based on policy or past >> behaviour of the client OR the client will need to issue several token >> requests. That might not be a problem in 1st party scenarios but it is in >> 3rd party scenarios if the AS gathers consent. >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
