[Amdatu-developers] [JIRA] (AMDATUAUTH-132) Support auto approval of authorize step

Mon, 26 Mar 2012 05:47:08 -0700 

    [ 
http://jira.amdatu.org/jira/browse/AMDATUAUTH-132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12927#comment-12927
 ] 

Ivo Ladage - van Doorn commented on AMDATUAUTH-132:
---------------------------------------------------

What needs to be done:

- A property is added to the token or consumer store that holds all users that 
checked the 'remember' option. 
- This property should not only contain a yes/no option but should also support 
more detailed authorization about the actual access granted (i.e. readonly or 
read & write)
- The OAuth server should provide a page in which the user can verify the 
memorized access grants and revoke them (this also applies to revoking access 
tokens in general)
- The OAuth server should read this property and if available apply this 
authorization to the request/access token, skipping the (visual) authorize step
                
> Support auto approval of authorize step
> ---------------------------------------
>
>                 Key: AMDATUAUTH-132
>                 URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-132
>             Project: Amdatu Auth
>          Issue Type: New Feature
>          Components: Authorization & authentication
>    Affects Versions: 0.2.1
>            Reporter: Ivo Ladage - van Doorn
>            Assignee: Ivo Ladage - van Doorn
>              Labels: blueconic
>             Fix For: 0.2.2
>
>
> Gadgets rendered in the Amdatu OpenSocial container usually will want to use 
> 3-legged OAuth, but without the authorize step appearing again and again. 
> This means that if the user has an authenticated cookie to the provider site, 
> the 3-legged OAuth process is handled without user interaction:
> - User is redirected to provider site
> - User is already authenticated so no login necessary
> - Allow/deny access step is memorized for this consumer and so can be skipped 
> once access is granted.
> Question remains where the user can revoke the consumer access.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
http://jira.amdatu.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers

Reply via email to