[OAUTH-WG] User agent flow missing optional scope parameter in response?

Andrew Arnott <andrewarnott@gmail.com> Mon, 07 June 2010 17:18 UTC

From: Andrew Arnott <andrewarnott@gmail.com>
Date: Mon, 07 Jun 2010 08:38:46 -0700
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>

The web server flow includes an optional scope parameter in a success
response.  The user agent flow seems to be missing that.  If a single auth
server supports both flows, and actually leverages the capability in the web
server flow to change the set of granted scopes from the requested ones by
sending a new scope value, it will be unable to do so for user-agent
clients.

Is this intended?
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre