Dear list,
perhaps I've overread it in the specification or it was not explicit
about my required scenario:
The Web-Server-Flow is used. An application requests data about the
user. The scopes are dateofbirth,isover18,address. Now the user is
forwarded to the authorization server to identify and authenticate and
give permissions to the applications. The user decides to give only
permission for the isover18 scope but not dateofbirth and address.
How would the application be notified about the granted scopes and the
not granted scopes?
Best regards
Martin
--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941
Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0
Thiemannstraße 36a, 12059 Berlin, Telefon: +49 30 5682943-30
Internet: http://www.tarent.de/ Telefax: +49 228 52675-25
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
