"Null string", "empty string", or "server defined default value" all work.
Default scope doesn't do it for me.
From: Eran Hammer
To: William Mills ; "oauth@ietf.org"
Sent: Tuesday, January 10, 2012 5:24 PM
Subject: RE: [OAUTH-WG] Seeking Clarification: Pote
I don't like 'empty scope' as it is undefined. I prefer 'default scope'.
EHL
From: William Mills [mailto:wmi...@yahoo-inc.com]
Sent: Tuesday, January 10, 2012 4:02 PM
To: Eran Hammer; oauth@ietf.org
Subject: Re: [OAUTH-WG] Seeking Clarification: Potential Ambiguity in
Specification
On your #1,
Wups, there's a must in there that should be MUST.
From: agks mehx
To: William Mills ; Eran Hammer ;
"oauth@ietf.org"
Sent: Tuesday, January 10, 2012 4:18 PM
Subject: Re: [OAUTH-WG] Seeking Clarification: Potential Ambiguity in
Specification
Sounds very
Sounds very good: "... MAY include or omit the scope parameter. If omitted,
the server must process the request using an empty scope as the default."
On Tue, Jan 10, 2012 at 4:02 PM, William Mills wrote:
> On your #1, I don't agree that an empty scope is useless. There are
> comparable implemen
On your #1, I don't agree that an empty scope is useless. There are comparable
implementations that use an empty scope to be a wildcard scope. I'd say,
"The client can MAY include or omit the scope
parameter. If omitted, the server must process the request using an empty scope
as the defaul
I don't think the issue here is about the scope value, but who does the
OPTIONAL designation applies to. IOW, is it optional for the server to
support/require it, or is it optional for the client to include or omit it.
The intention was to make it optional for the authorization server to make al
What you're describing is the Device Flow, which was pulled out of the
main document a while ago and now sits here, somewhat outdated and unloved:
http://tools.ietf.org/html/draft-recordon-oauth-v2-device-00
In this, the app gives the user a short code that they enter into a URL,
do the author
The underlying issue is that there was a decision not to in any way standardize
values for scope.
I agreed this was reasonable since the underlying resource APIs are likely to
be very specific requiring some degree of prior knowledge by the client app
developer. Thus the resource server OAuth i
Hello,
I am developing a REST API and trying to follow the OAuth 2.0 protocol
for authentication, and have a few questions for you good folks.
The use case I'm interested in is native applications (such as linux
command-line programs) that are unable or unwilling to involve a
user-agent. In this
At 09:19 10-01-2012, William Mills wrote:
That does clear it up! If the implementation returns a proper error
when the scope is omitted then it will be in conformance. Sending
an error result for the empty scope is valid.
Yes.
It is not possible to get a clear view of the specs if the discu
That does clear it up! If the implementation returns a proper error when the
scope is omitted then it will be in conformance. Sending an error result for
the empty scope is valid.
From: agks mehx
To: William Mills ; Eran Hammer ;
oauth@ietf.org
Cc: SM
11 matches
Mail list logo
