[OAUTH-WG] Access token must be differ based on the scope?

Asela Pathberiya <aselapathberiya@gmail.com> Thu, 16 May 2013 23:43 UTC

Date: Fri, 17 May 2013 05:13:27 +0530
Message-ID: <CAKfK-yqOtb2yCko_jQXHf6KiinuyGLhZCKS7OdzCtnM3bdE4rA@mail.gmail.com>
From: Asela Pathberiya <aselapathberiya@gmail.com>
To: oauth@ietf.org
Subject: [OAUTH-WG] Access token must be differ based on the scope?

Hi All,

I want to know what the correct way is for an authorization server to act
when the same client with the same resource owner asks for an access token for
different scopes?
Let's say:

1. It got an access token for scope "foo1, bar1".

2. Then the same client with the same resource owner asks for an access token
for a different scope, "foo2".

Here, should the authorization server issue a new access token for the "foo2"
scope, or should it update the scope of the current access token in its own
entries ("foo1", "bar1", "foo2") and return the same access token?

Basically, is an access token issued per client, resource owner and scope, or
only per client and resource owner?

I could not find much detail on this in the specification. Sorry if this has
already been discussed.

Thanks,
Asela
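Added illustration, not part of the message above or of any working-group reply: a toy authorization-server token store that models three policies an AS can take on the question (a fresh token for every request, reuse of an existing token whose scope already covers the request, or widening the scope recorded for the existing token and returning the same value). RFC 6749 does not prescribe one of these; it defines the access token's scope (section 3.3) and has the resource server enforce it (section 7), so the choice is an implementation decision. The policy names, the store, and the client and user identifiers are constructed for this example, and the token is a random string rather than any standard token format.

```python
"""Toy OAuth 2.0 authorization server (AS) token store, constructed for this
example, modelling three ways an AS can answer a second scope request from the
same client and resource owner. Nothing here is a real AS or a standard token
format: token values are random URL-safe strings and the policy names are
this example's own."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    value: str
    client_id: str
    subject: str          # the resource owner
    scope: frozenset      # scope values granted to this token


class AuthorizationServer:
    POLICIES = ("new_token", "reuse_if_covered", "widen_existing")

    def __init__(self, policy: str):
        if policy not in self.POLICIES:
            raise ValueError(f"unknown policy {policy!r}")
        self.policy = policy
        self._tokens = {}  # token value -> Token (dict keeps insertion order)

    def _find(self, client_id, subject, covering=None):
        """First stored token for (client, resource owner); if `covering` is
        given, only a token whose scope already includes every requested
        value qualifies."""
        for tok in self._tokens.values():
            if tok.client_id == client_id and tok.subject == subject:
                if covering is None or covering <= tok.scope:
                    return tok
        return None

    def issue(self, client_id: str, subject: str, requested_scope: str) -> Token:
        # RFC 6749 section 3.3: scope is a space-delimited list of strings.
        requested = frozenset(requested_scope.split())
        if self.policy == "reuse_if_covered":
            existing = self._find(client_id, subject, covering=requested)
            if existing is not None:
                return existing
        elif self.policy == "widen_existing":
            existing = self._find(client_id, subject)
            if existing is not None:
                # Update the stored entry and hand back the same token value.
                widened = Token(existing.value, client_id, subject,
                                existing.scope | requested)
                self._tokens[existing.value] = widened
                return widened
        tok = Token(secrets.token_urlsafe(32), client_id, subject, requested)
        self._tokens[tok.value] = tok
        return tok

    def introspect(self, value: str):
        """What a resource server would learn about a token (an RFC 7662-style
        lookup, reduced here to a dictionary read)."""
        return self._tokens.get(value)


def resource_server_allows(srv: AuthorizationServer, value: str, required: str) -> bool:
    """RFC 6749 section 7: the resource server checks that the token's scope
    covers the resource being accessed."""
    tok = srv.introspect(value)
    return tok is not None and required in tok.scope


def demo(policy: str) -> dict:
    """Run the sequence from the question: "foo1 bar1" first, then "foo2",
    then a repeat request for "foo1", all from the same client and owner."""
    srv = AuthorizationServer(policy)
    t1 = srv.issue("client-a", "alice", "foo1 bar1")   # constructed identifiers
    t2 = srv.issue("client-a", "alice", "foo2")
    t3 = srv.issue("client-a", "alice", "foo1")
    return {
        "t1_is_t2": t1.value == t2.value,
        "t3_is_t1": t3.value == t1.value,
        "t1_allows_foo2": resource_server_allows(srv, t1.value, "foo2"),
        "t2_allows_foo1": resource_server_allows(srv, t2.value, "foo1"),
        "tokens_stored": len(srv._tokens),
    }


if __name__ == "__main__":
    for p in AuthorizationServer.POLICIES:
        print(p, demo(p))
```

Under `widen_existing` the token issued in step 1 silently gains `foo2` the moment step 2 runs, so any copy of it that leaked before step 2 now carries the extra privilege, and revoking the `foo2` grant means revoking `foo1` and `bar1` along with it. The other two policies key issuance on (client, resource owner, scope), so each token's privileges are fixed at issuance and the resource server's scope check in `resource_server_allows` gives a stable answer for the token's lifetime.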