Hi,

I’m looking into the topic of tenancy. A multi-tenant service can be considered as an OAuth Resource Server managing resources of different tenants. An AS makes authorization decisions and communicates these using scopes, so one way would be to ‘encode’ the tenant into the scope values. Another line of thought is to somehow bind/restrict an access token to a certain tenant, leaving the set of scopes being used more static.

My question is whether this has been a topic that has been addressed in the OAuth working group? Any common practice or draft?

Thanks in advance for your replies.

Kind regards,

Jaap Francke
Product Manager Identity
+31(0)641495324
mendix.com
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth