[OAUTH-WG] Access token must be differ based on the scope?

Asela Pathberiya <aselapathberiya@gmail.com> Thu, 16 May 2013 22:54 UTC

Date: Fri, 17 May 2013 04:24:53 +0530
Message-ID: <CAKfK-ypheXcp9Go92Z0Vzs8TvWGQujcKcCs3X64X9xy-bjc7vQ@mail.gmail.com>
From: Asela Pathberiya <aselapathberiya@gmail.com>
To: oauth@ietf.org
Subject: [OAUTH-WG] Access token must be differ based on the scope?

Hi All,

I want to know what the correct way is for an authorization server to act
when the same client with the same resource owner asks for an access token for
different scopes.
Let's say:

1. It got an access token for scope "foo1, bar1".

2. Then the same client with the same resource owner asks for an access token
for a different scope, "foo2".

Here, should the authorization server issue a new access token for the "foo2"
scope, or should it update the scope of the current access token in its own
entries ("foo1", "bar1", "foo2") and return the same access token?

Basically, is an access token issued per client, resource owner and scope, or
only per client and resource owner?

I could not find much detail on this in the specification. Sorry if this
has already been discussed.

Thanks,
Asela
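The two options in the question, modelled side by side as an added example (this is not code from the post or from any OAuth implementation; the `AuthServer` class and the policy names are my own). A toy authorization server either keys tokens per (client, resource owner, scope) or keeps one token per (client, resource owner) and widens its scope on each new request; the `demo` function shows that under the second option the token handed out in step 1 becomes valid for "foo2" as well.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Token:
    value: str
    client_id: str
    owner: str
    scope: frozenset


class AuthServer:
    """Toy authorization server (constructed for illustration).
    policy "per_scope": one token per (client, owner, scope).
    policy "merge":     one token per (client, owner); a request for a new
                        scope widens the existing token instead of issuing one.
    """

    def __init__(self, policy: str):
        assert policy in ("per_scope", "merge")
        self.policy = policy
        self.tokens: dict[str, Token] = {}  # token value -> Token

    def issue(self, client_id: str, owner: str, scope) -> Token:
        scope = frozenset(scope)
        for t in self.tokens.values():
            if (t.client_id, t.owner) != (client_id, owner):
                continue
            if self.policy == "merge":
                t.scope = t.scope | scope  # same token, broader scope
                return t
            if t.scope == scope:
                return t  # identical grant: reuse, no new token needed
        t = Token(secrets.token_urlsafe(16), client_id, owner, scope)
        self.tokens[t.value] = t
        return t

    def authorize(self, token_value: str, needed: str) -> bool:
        """Resource-server check: is this token valid for the needed scope?"""
        t = self.tokens.get(token_value)
        return t is not None and needed in t.scope


def demo(policy: str) -> dict:
    """Replays the two steps from the post and reports what each token can do."""
    srv = AuthServer(policy)
    first = srv.issue("app", "alice", {"foo1", "bar1"})   # step 1
    second = srv.issue("app", "alice", {"foo2"})          # step 2
    return {
        "same_token": first.value == second.value,
        "first_token_has_foo2": srv.authorize(first.value, "foo2"),
        "second_token_has_foo1": srv.authorize(second.value, "foo1"),
    }
```

With `"merge"`, anyone already holding the step-1 token can now reach "foo2", so the scope shown to the resource owner at step 1 no longer describes what that token allows.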