[OAUTH-WG] Requesting multiple scope, but user authorizes not all
Martin Ley <m.ley@tarent.de> Fri, 26 November 2010 08:40 UTC

Dear list,

perhaps I've overread it in the specification or it was not explicit about my required scenario:

The Web-Server-Flow is used. An application requests data about the user. The scopes are dateofbirth,isover18,address. Now the user is forwarded to the authorization server to identify and authenticate and give permissions to the applications. The user decides to give only permission for the isover18 scope but not dateofbirth and address.

How would the application be notified about the granted scopes and the not granted scopes?

Best regards
Martin

--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941
Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0
Thiemannstraße 36a, 12059 Berlin, Telefon: +49 30 5682943-30
Internet: http://www.tarent.de/ Telefax: +49 228 52675-25