OAuth 2 has "scopes", which allow apps to limit their access to user data. Scopes are required per the spec, so we need to decide what we're going to do with them. (The scope parameter is a space-delimited list.)
There are a few options for what we could do here:
Ignore the scope parameter, and have a dummy value for clients which need one (e.g. *)
Allow clients to specify roles they're requesting: scope=subscriber could be used if the app only needs user-level data, e.g.
We could also allow clients to specify exact caps that they want as well, e.g. scope=subscriber edit_posts
Use handcrafted scopes: scope=user.read. I have an existing design for this from the OAuth 1 days.
These each have benefits and drawbacks, so we need to decide what we want to do.
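An added example of the role and capability options listed in the issue above (not code from the issue or from the project): it parses the space-delimited scope parameter, expands role names to capabilities, and intersects the result with the user's own capabilities so that a scope can only narrow access. The role table (including the `author` entry and the `read` and `publish_posts` capabilities), the function names and the choice to reject unknown tokens with `invalid_scope` are assumptions made for the example.

```python
# Constructed role -> capability table (assumption; not taken from the issue).
ROLE_CAPS = {
    "subscriber": {"read"},
    "author": {"read", "edit_posts", "publish_posts"},
}
KNOWN_CAPS = set().union(*ROLE_CAPS.values())


class InvalidScope(ValueError):
    """Corresponds to the OAuth 2 `invalid_scope` error response."""


def parse_scope(raw):
    """Split the space-delimited scope parameter into unique tokens, keeping order."""
    tokens = raw.split(" ") if raw else []
    if not tokens or "" in tokens:
        raise InvalidScope("scope must be a non-empty, single-space-delimited list")
    return list(dict.fromkeys(tokens))


def requested_caps(tokens):
    """Expand role tokens to their capabilities; accept bare capability tokens."""
    caps = set()
    for token in tokens:
        if token in ROLE_CAPS:
            caps |= ROLE_CAPS[token]
        elif token in KNOWN_CAPS:
            caps.add(token)
        else:
            # Reject rather than ignore, so a typo never silently changes access.
            raise InvalidScope(f"unknown scope token: {token!r}")
    return caps


def effective_caps(raw_scope, user_caps):
    """Capabilities a token may use: the requested scope intersected with the user's own."""
    return requested_caps(parse_scope(raw_scope)) & set(user_caps)
```

With this shape, `scope=subscriber edit_posts` issued for a user who only holds `read` yields a token limited to `read`; the scope never grants a capability the user lacks.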