I'm tempted to say user-created PATs are incompatible with OAuth, and OAuth already has a solution which avoids the user having to manually create these sorts of tokens. Is there a reason OAuth wouldn't be able to handle the specific use case?

Warren Parad
Founder, CTO
Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>.

On Sun, Apr 3, 2022 at 7:56 PM Takahiko Kawasaki <[email protected]> wrote:

> Dear Dhaura,
>
> My recommendation to you (undergraduate? LinkedIn says so) is to
> investigate the following as the first step.
>
> - ID Token (OpenID Connect Core 1.0, Section 2)
> - UserInfo Endpoint (OpenID Connect Core 1.0, Section 5.3)
>
> In general, inventing a new grant type should be the last resort.
>
> Best Regards,
> Takahiko Kawasaki
>
> On Sun, Apr 3, 2022 at 3:35 PM David Waite <david=[email protected]> wrote:
>
>> On Apr 1, 2022, at 3:24 AM, Dhaura Pathirana <[email protected]> wrote:
>>
>> I would like to know if anyone has seen this (listing token metadata) as
>> a common use case in OAuth2 and a standard way of doing it had been
>> proposed before?
>>
>> OAuth Token Introspection (RFC 7662) defines a way to query for active
>> state and meta-info.
>>
>> However, its use is defined only for protected resources, and not the
>> resource owner or the client the token was issued to.
>>
>> -DW
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
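
The RFC 7662 exchange mentioned in the quoted reply, as an added example that is not part of the original thread: a protected resource authenticates to the introspection endpoint, posts the token, and accepts the metadata only when `active` is true. The endpoint URL, the credentials, the use of HTTP Basic and the sample responses are constructed assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed endpoint for illustration; it does not come from the thread.
INTROSPECTION_URL = "https://as.example.com/introspect"

# Constructed sample responses in the shape RFC 7662 section 2.2 describes.
ACTIVE_RESPONSE = json.dumps({
    "active": True, "scope": "read write", "client_id": "client-1",
    "sub": "user-123", "exp": 2000000000,
})
INACTIVE_RESPONSE = json.dumps({"active": False})


def build_introspection_request(token, rs_id, rs_secret, url=INTROSPECTION_URL):
    """Build the form-encoded POST a protected resource sends (section 2.1).

    The caller must authenticate; HTTP Basic is assumed here as one option.
    """
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    pair = f"{urllib.parse.quote_plus(rs_id)}:{urllib.parse.quote_plus(rs_secret)}"
    creds = base64.b64encode(pair.encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
        "Authorization": f"Basic {creds}",
    })


def interpret_introspection(raw_json, required_scope, now=None):
    """Return the token metadata if the token is usable, else None."""
    meta = json.loads(raw_json)
    # "active" is the only required member and must be the boolean true.
    if meta.get("active") is not True:
        return None
    now = time.time() if now is None else now
    exp = meta.get("exp")
    # Defence in depth: re-check expiry locally when the server reports it.
    if exp is not None and exp <= now:
        return None
    # "scope" is a space-separated string, not a JSON array.
    if required_scope not in meta.get("scope", "").split():
        return None
    return meta
```

An inactive response carries no metadata at all, which is part of why this endpoint does not cover the "list my tokens" use case asked about in the thread.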
