-10 4.2:
scope
OPTIONAL. The scope of the access token as a list of space-
delimited strings. The value of the "scope" parameter is
defined by the authorization server. If the value contains
multiple space-delimited strings, their order does not matter,
and each string adds an additional access range to the
requested scope. The authorization server SHOULD include the
parameter if the requested scope is different from the one
requested by the client.
EHL
> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Martin Ley
> Sent: Friday, November 26, 2010 12:41 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all
>
> Dear list,
>
> perhaps I've overread it in the specification or it was not explicit about my
> required scenario:
>
>
> The Web-Server-Flow is used. An application requests data about the user.
> The scopes are dateofbirth,isover18,address. Now the user is forwarded to
> the authorization server to identify and authenticate and give permissions to
> the applications. The user decides to give only permission for the isover18
> scope but not dateofbirth and address.
>
> How would the application be notified about the granted scopes and the not
> granted scopes?
>
> Best regards
>
> Martin
>
>
> --
> tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
> Geschäftsführer: Boris Esser, Elmar Geese HRB AG Bonn 5168 - USt-ID (VAT):
> DE122264941
>
> Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0
> Thiemannstraße 36a, 12059 Berlin, Telefon: +49 30 5682943-30
> Internet: http://www.tarent.de/ Telefax: +49 228 52675-25
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
