This wiki is no longer active and is left here for historical purposes. Please visit for up-to-date information.


Page history last edited by Chris Messina 9 years, 5 months ago

Token Attributes

The OAuth draft used to include an optional parameter oauth_token_attributes which was a standard way for the Consumer to tell the Service Provider what kind of access is requested. I think there is value in a standard way of asking for basic types of access in a few categories:

  1. Duration: How long is access requested? Can be in good-until/length of time, usage counter (an Access Token good for 10 API calls), or until a User event (password change, revoked, user changes permissions, resource changes, etc.). This can also be a combination of these restrictions.
  2. Read/Write: Access to read only or read-write. Is the Consumer able to modify data.
  3. Resources: Which resources is a Token good for? With discovery, this is less of an issue as the Consumer will first attempt to access a resource and if found protected by OAuth will negotiate access to that resource which will scope the Token. But a more efficient access is needed to save the hassle of multiple tokens for many resources of the same User.
  4. Terms of Service


Comments (0)

You don't have permission to comment on this page.