Just as a matter of clarification about the downscope language in the
spec:
The downscoping capability here is intended mostly for getting
special-use tokens, for things like redelegation to other apps. So say I
grant access to AppA with scope "read write", and AppA gets a refresh
and access token
As Eran pointed out, the way you've formatted your scope request,
you've only specified one scope and I'd guess to keep things simple
and consistent can either be approved or denied. I don't have a spec
reference about what happens when the user doesn't approve but I
assume the response is sent to
if the requested scope is different from the one
requested by the client.
EHL
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Martin Ley
Sent: Friday, November 26, 2010 12:41 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Requesting m
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Martin Ley
Sent: Friday, November 26, 2010 12:41 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Requesting mutliple scope, but user authorizes not all
Dear list,
perhaps I've overread it in the specification or it was not explicit
about my required scenario:
The Web-Server-Flow is used. An application requests data about the
user. The scopes are dateofbirth,isover18,address. Now the user is
forwarded to the authorization server to iden