Token Attributes
The OAuth draft used to include an optional parameter, oauth_token_attributes, which was a standard way for the Consumer to tell the Service Provider what kind of access is requested. I think there is value in a standard way of asking for basic types of access in a few categories:
- Duration: How long is access requested? This can be a good-until date or length of time, a usage counter (an Access Token good for 10 API calls), or until a User event (password change, revocation, user changes permissions, resource changes, etc.). These restrictions can also be combined.
- Read/Write: Access to read only or read-write. Is the Consumer able to modify data?
- Resources: Which resources is a Token good for? With discovery, this is less of an issue, as the Consumer will first attempt to access a resource and, if it is found to be protected by OAuth, will negotiate access to that resource, which will scope the Token. But a more efficient approach is needed to save the hassle of multiple tokens for many resources of the same User.
- Terms of Service
Others?
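
A sketch of how a Service Provider could enforce the Duration, Read/Write and Resources categories on each request. This is an added example, not part of the OAuth draft or the original page; the `TokenAttributes` fields, the `authorize` function and the sample values are hypothetical, since the page does not define an encoding for oauth_token_attributes. Terms of Service is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

WRITE_METHODS = {"POST", "PUT", "DELETE"}

@dataclass
class TokenAttributes:
    """Hypothetical per-token restrictions, one group per category above."""
    issued_at: float                      # compared against User events
    expires_at: Optional[float] = None    # Duration: good-until time
    calls_left: Optional[int] = None      # Duration: usage counter
    writable: bool = False                # Read/Write: read-only by default
    resources: frozenset = frozenset()    # Resources: covered path prefixes

def in_scope(path, prefix):
    # Match whole path segments so "/photos" does not cover "/photos-private".
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def authorize(attrs, method, path, now, last_user_event=0.0):
    """Return (allowed, reason). All restrictions present must pass together."""
    if attrs.expires_at is not None and now >= attrs.expires_at:
        return False, "expired"
    # A User event (password change, revocation, ...) after issuance kills the token.
    if last_user_event > attrs.issued_at:
        return False, "invalidated by user event"
    if attrs.calls_left is not None and attrs.calls_left <= 0:
        return False, "usage exhausted"
    if method in WRITE_METHODS and not attrs.writable:
        return False, "read-only token"
    # An empty resource set grants nothing (deny by default).
    if not any(in_scope(path, r) for r in attrs.resources):
        return False, "resource out of scope"
    if attrs.calls_left is not None:
        attrs.calls_left -= 1             # count only requests that were allowed
    return True, "ok"

def demo():
    # Constructed sample: read-only token, 2 calls, valid until t=1000, scoped to /photos.
    tok = TokenAttributes(issued_at=100.0, expires_at=1000.0, calls_left=2,
                          resources=frozenset({"/photos"}))
    requests = [("GET", "/photos/1"), ("POST", "/photos/1"),
                ("GET", "/photos-private/1"), ("GET", "/photos"), ("GET", "/photos/2")]
    return [authorize(tok, m, p, now=500.0) for m, p in requests]

if __name__ == "__main__":
    for result in demo():
        print(result)
```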