Assuming that this is mean to replace the scope parameter?
On Fri, Apr 2, 2010 at 9:18 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > This is half baked but I wanted to get people's reaction: > > Clients tries accessing a resource with or without an access token: > > GET /resource/1 HTTP/1.1 > Host: server.example.com > > The server replies with: > > HTTP/1.1 401 Unauthorized > WWW-Authenticate: OAuth realm='example' > > Clients requests an access token (using the client credentials flow) and > includes the requested realm (line breaks for display purposes): > > POST /access_token HTTP/1.1 > Host: server.example.com > > client_id=s6BhdRkqt3&client_secret=8eSEIpnqmM& > mode=flow_client&realm=example > > The server issues a access token capable of accessing the resource realm. > > This means one new parameter on the request side which is already baked into > the 401 response in a standard way. > > Thoughts? > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
