Re: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all

Eran Hammer-Lahav <eran@hueniverse.com> Fri, 26 November 2010 17:05 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Martin Ley <m.ley@tarent.de>, "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 26 Nov 2010 10:05:57 -0700

-10 4.2:

   scope
         OPTIONAL.  The scope of the access token as a list of space-
         delimited strings.  The value of the "scope" parameter is
         defined by the authorization server.  If the value contains
         multiple space-delimited strings, their order does not matter,
         and each string adds an additional access range to the
         requested scope.  The authorization server SHOULD include the
         parameter if the requested scope is different from the one
         requested by the client.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Martin Ley
> Sent: Friday, November 26, 2010 12:41 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all
> 
> Dear list,
> 
> Perhaps I've overlooked it in the specification, or it was not explicit about my
> required scenario:
> 
> 
> The Web-Server-Flow is used. An application requests data about the user.
> The scopes are dateofbirth,isover18,address. Now the user is forwarded to
> the authorization server to identify and authenticate and give permissions to
> the applications. The user decides to give only permission for the isover18
> scope but not dateofbirth and address.
> 
> How would the application be notified about the granted scopes and the not
> granted scopes?
> 
> Best regards
> 
> Martin
> 
> 
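
Added example, not part of the original messages or of the draft: a client-side sketch in Python of the scenario in this thread, comparing the "scope" value of the access token response with what the client requested. The function names and the sample response are constructed for illustration; treating an absent "scope" as "granted as requested" is an assumption drawn from the SHOULD in the quoted text.

```python
import json


def parse_scope(value):
    """Split a space-delimited scope string into an order-independent set."""
    return frozenset(s for s in value.split(" ") if s)


def resolve_granted_scope(requested, token_response_body):
    """Return (granted, denied, unexpected) scope sets for a token response.

    granted:    what the access token actually covers
    denied:     requested by the client but not granted
    unexpected: granted although the client never asked for it
    """
    response = json.loads(token_response_body)
    if "access_token" not in response:
        raise ValueError("not a successful access token response")

    requested_set = parse_scope(requested)
    if "scope" in response:
        if not isinstance(response["scope"], str):
            raise ValueError("scope must be a space-delimited string")
        granted = parse_scope(response["scope"])
    else:
        # Assumption: the server omits "scope" only when it granted exactly
        # what was requested (the draft says SHOULD, not MUST).
        granted = requested_set

    return granted, requested_set - granted, granted - requested_set


# Constructed sample data matching the scenario in the thread.
REQUESTED = "dateofbirth isover18 address"
SAMPLE_RESPONSE = json.dumps({
    "access_token": "EXAMPLE-TOKEN",  # placeholder value
    "expires_in": 3600,
    "scope": "isover18",
})

if __name__ == "__main__":
    granted, denied, unexpected = resolve_granted_scope(REQUESTED, SAMPLE_RESPONSE)
    print("granted:", sorted(granted))
    print("denied:", sorted(denied))
    print("unexpected:", sorted(unexpected))
```

A client should drive its feature decisions from the granted set rather than from what it requested, and treat a non-empty unexpected set as a reason to reject or log the response.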