This wiki is no longer active and is left here for historical purposes. Please visit for up-to-date information.


Token Attributes

The OAuth draft used to include an optional parameter oauth_token_attributes which was a standard way for the Consumer to tell the Service Provider what kind of access is requested. I think there is value in a standard way of asking for basic types of access in a few categories:

  1. Duration: How long is access requested? Can be in good-until/length of time, usage counter (an Access Token good for 10 API calls), or until a User event (password change, revoked, user changes permissions, resource changes, etc.). This can also be a combination of these restrictions.
  2. Read/Write: Access to read only or read-write. Is the Consumer able to modify data.
  3. Resources: Which resources is a Token good for? With discovery, this is less of an issue as the Consumer will first attempt to access a resource and if found protected by OAuth will negotiate access to that resource which will scope the Token. But a more efficient access is needed to save the hassle of multiple tokens for many resources of the same User.
  4. Terms of Service