-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
Le 12/05/2015 08:49, Ryan Kelly a écrit : > Do we create a scope like "payments:write" that Bob himself is not > allowed to have, but that the payment app can grant to itself via some > backend token dance? Yes that exactly the plan. The plan is to have the paymentapp be the administrator of the collection with read+write access. Payment app will authenticate using a paymentapp token. Then the paymentapp will grant read access on the payment related to the seller app for the seller app token and will grant read access on the payment related to the buyer for the user (ie. Bob) Cheers, Rémy -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJVUc78AAoJEOVazsWSrDA71qoQANiMDfJJ1mYU9m60qJnmGHUL XgwXgy2SXhHssLOViCiw58EYCLhYEG1yF53lu7olWPNI2ocHGi9MVf3/bowBi+M9 gxYHjNXfVeBP/VysySmA1MB8KoWs/A+Z99RjL0rtrHFdTQWGKRsaSZdHoOoHpbdb o8gjn3EGaV4kwQ3h/RDIzAWS2ZaBFEoklw1xuk/ivHbs9d4oLCktav3szA/tyRbP eC9GcO+FMALhZny1ekgIWU4ozkbzxROEZ3WqIBLwkEbnw0SenvOPcA7RIjTPBGSf 0lE6RNZetw1d0AUa+MfOJZ2wwgYzotBMGCUt3BeZ90WsYo6O+Ptz9bCgibaxpADI oRKpZ3+1in9FX+OleHhlVkK1QG7eukb54jGDD9cF4OHrMdvQ8Pa0Nj73KIyY0ITq S8x8wegWZwC+EB8lqtQKvvh7hNyqdP1yd40inw05Q0+8tfdS33ZUb5Ev7nabOJUa qS8tVIYycq44LWtH7GAUe8o9yvTG0JghIALMYu2wACD2tJIGr6FmgK8h7dzHfdlf UY+sIlXXA+ZYtMRvr4UgBGm9Ka9vIOZjnsF/POInWLOJ1HHMnGGso6gY6mnIT+as 5KDwTZARxNj5f3vk8n11P//eVKi4hV9cRH4zmJjDyabhFuIgPLs+d1m7nLrVucwE //7Eg5uqGeaN3zQBIccR =OrVr -----END PGP SIGNATURE----- _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
