Yes. If it's a new grant asking for an access token with a new scope - then we
need to give a new access token.

Thanks & regards,
-Prabath

On Fri, May 17, 2013 at 6:13 AM, Phil Hunt <phil.h...@oracle.com> wrote:

> My understanding is this is ok if during authorization, the client
> requested at least "foo1 bar1 foo2" or "foo1 bar1 foo2 bar2" for example.
>  The effect of asking for a separate token is the client has two tokens
> with different scopes.  "foo1 bar1" and "foo2".  This is actually nice
> because each token has minimal rights.
>
> Of course nothing saying an AS can't invalidate a previous token, but
> nothing saying it needs to.
>
> Phil
>
> @independentid
> www.independentid.com
> phil.h...@oracle.com
>
> On 2013-05-16, at 3:54 PM, Asela Pathberiya wrote:
>
> > Hi All,
> >
> > I want to know what is the correct way that the authorization server
> > must act when the same client with the same resource owner is asking for
> > an access token for different scopes.
> > Let's say:
> >
> > 1. Got an access token for scope "foo1, bar1"
> >
> > 2. Then, if the same client with the same resource owner asks for an
> > access token for a different scope "foo2"
> >
> > Here, should the authorization server issue a new access token for the
> > "foo2" scope, or else must the authorization server update the scope for
> > the current access token in its own entries ("foo1", "bar1", "foo2") and
> > return the same access token?
> >
> > Basically, is an access token issued per client, resource owner and
> > scope, or else only per client and resource owner?
> >
> > I could not find much detail on this in the specification. Sorry if
> > this has already been discussed.
> >
> > Thanks,
> > Asela
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
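
The behaviour discussed in this thread, as an added example that is not part of the original messages: a sketch of an authorization server that issues a separate access token per requested scope, as long as the request stays within what was authorized. The `TokenStore` class, its method names and the in-memory storage are hypothetical; scopes are treated as space-delimited strings.

```python
import secrets


class InvalidScope(Exception):
    """Corresponds to the OAuth 2.0 `invalid_scope` error response."""


class TokenStore:
    """Hypothetical in-memory authorization server state (assumption)."""

    def __init__(self):
        self.grants = {}  # (client_id, owner) -> scopes approved at authorization
        self.tokens = {}  # access token -> (client_id, owner, scopes of that token)

    def authorize(self, client_id, owner, scope):
        # The resource owner approves a scope set once, during authorization.
        self.grants[(client_id, owner)] = frozenset(scope.split())

    def issue(self, client_id, owner, scope):
        requested = frozenset(scope.split())
        granted = self.grants.get((client_id, owner), frozenset())
        # Never issue more than was authorized, and never an empty scope.
        if not requested or not requested <= granted:
            raise InvalidScope(" ".join(sorted(requested - granted)))
        # A new token per request; earlier tokens are neither widened nor revoked.
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, owner, requested)
        return token

    def allows(self, token, scope):
        # Resource-server style check: is this scope attached to this token?
        entry = self.tokens.get(token)
        return entry is not None and scope in entry[2]


def demo():
    """Constructed scenario using the scope names from the thread."""
    server = TokenStore()
    server.authorize("client-1", "alice", "foo1 bar1 foo2")
    t1 = server.issue("client-1", "alice", "foo1 bar1")
    t2 = server.issue("client-1", "alice", "foo2")
    try:
        server.issue("client-1", "alice", "bar2")  # outside the authorized set
        rejected = False
    except InvalidScope:
        rejected = True
    return server, t1, t2, rejected
```

Each token carries only the scope it was requested with, so a leaked "foo2" token cannot be used for "foo1" or "bar1".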