[oauth] 400/401 Questions

2010-03-20 Thread Mike Moore
Hey all, we're implementing OAuth and we have a differing of opinions on what the expected behavior is in a couple of instances. What is the proper HTTP status code to return for the following cases? 1) When a client uses the PLAINTEXT signature method over HTTP 2) When a client sends a value

[oauth] Javascript OAuth Wrap

2010-03-20 Thread ChrisMJ
Hello, I've recently started developing a desktop client for a new web application. Their API is based upon OAuth-WRAP. Does anyone have any libraries or code relating to javascript development for this?

Re: [oauth] Finer-grained access control in OAuth?

2010-03-20 Thread Chris Messina
Hi Gerald, Your question is a good one — and gets at some of the challenges inherent in user authorization models. Specifically: when a user grants authorization, how do you effectively scope access and communicate that to the user? Should you or the user need to later change the scope of

Re: [oauth] Finer-grained access control in OAuth?

2010-03-20 Thread Zhenhua Guo
Thanks for your explanation. Yes, I totally agree with you from the perspective of technology. Technically, service providers can come up with whatever policies about scope of authorization, allowed operations, etc. However, one drawback is that users may get confused when they access different

Re: [oauth] Finer-grained access control in OAuth?

2010-03-20 Thread Eve Maler
For what it's worth, the current UMA draft protocol (layered on WRAP for the moment) does propose a way for a client to express to the authorization server its desired scope of access, using a JSON format and presuming that the API has been documented in a resource-oriented way (resource