I know we add scopes based on the Authorization Server determining that the
Resource Owner is also a "Paying Customer". (Well using OIDC so we KNOW
they are a paying customer.)
--
-jim
Jim Willeke
On Fri, Jul 7, 2017 at 9:03 PM, William Denniss wrote:
>
> On Fri, Jul 7, 2017 at 1:50 PM, Sergey
Hi
On 07/07/17 18:56, William Denniss wrote:
What you describe is incremental auth.
Thanks... FYI, I thought of doing some work around it after browsing
through the Google docs; the line about the "asking to approve the
purchase of the kitchen sink at the authentication time is a death of
the
Hi
Re the confidential client: let me explain please how we experimented
with this feature when the code flow is used.
1. Client requests a scope 'a' for a given User, it gets approved by the
user, the clients gets a code and exchanges it for a token.
2. At some later stage Client requests
