Re: [OAUTH-WG] Questions on OAuth Protected Resource Metadata

I think we’re used to thinking of scopes in terms of things that a developer can read and understand, but that’s not always going to be true. For automated systems like this, the developer isn’t always expected to understand the scope — they probably don’t even see it in many cases. The client s

Re: [OAUTH-WG] Questions on OAuth Protected Resource Metadata

Hi, #1 is clear now. Thanks Warren On #2, thanks Neil and Warren for your clarifications. Does it make sense to include language that warns against requesting unknown scopes in the OPRM draft? Atul On Thu, Sep 21, 2023 at 11:17 AM Neil Madden wrote: > On 21 Sep 2023, at 17:19, Atul Tulshibagwa

Re: [OAUTH-WG] Questions on OAuth Protected Resource Metadata

On 21 Sep 2023, at 17:19, Atul Tulshibagwale wrote: > > Hi all, > I'm still looking for answers to these two questions > > regarding the OPRM draft that was recently adopted by the WG: > If I have a resource server that

Re: [OAUTH-WG] Questions on OAuth Protected Resource Metadata

For (1) arguably these are different resources, therefore, they of course have different paths. The draft specifically outlines that each of them can have their own metadata document: https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-00.html#name-protected-resource-metadata- If t

[OAUTH-WG] Questions on OAuth Protected Resource Metadata

Hi all, I'm still looking for answers to these two questions regarding the OPRM draft that was recently adopted by the WG: 1. If I have a resource server that has multiple endpoints, each of which require different sc