Ivo Ladage - van Doorn created AMDATUAUTH-133:
-------------------------------------------------
Summary: Support more fine-grained authorization in access tokens
Key: AMDATUAUTH-133
URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-133
Project: Amdatu Auth
Issue Type: New Feature
Components: OAuth server
Affects Versions: 0.2.1
Reporter: Ivo Ladage - van Doorn
Assignee: Ivo Ladage - van Doorn
Fix For: 0.2.2
The current access tokens provided by the OAuth server do not support assigning
any form of authorization to the token. The only authorization is yes/no and
the authorization derived from the user for which the token was obtained.
Currently the user, for example, cannot provide a consumer only read access to
its resources; the consumer always retrieves full access to the user's resources.
Scenario that should be supported:
- A REST service defines two permissions 'read-only' and 'read/write'
- These permissions are picked up by the OAuth server
- In the authorize step, these two permissions are displayed and the user must
select what type of access to grant to the consumer
- The REST service verifies if the access token was obtained with 'read/write'
access in case an API is invoked that modifies data. If only 'read-only' is
provided, it returns a 401
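
The check in the last step of the scenario, sketched as an added example (not Amdatu code and not part of the original issue). The class name, the token values and the method-to-permission mapping are assumptions made for illustration; it needs Java 9 or later.

```java
import java.util.Map;
import java.util.Set;

public class ScopeCheckExample {
    // The two permissions named in the issue; READ_WRITE implies READ_ONLY.
    enum Permission {
        READ_ONLY, READ_WRITE;
        boolean covers(Permission required) { return ordinal() >= required.ordinal(); }
    }

    // Constructed sample data: access token -> permission the user selected
    // in the authorize step. A real server would look this up in its token store.
    static final Map<String, Permission> GRANTS = Map.of(
        "token-ro", Permission.READ_ONLY,
        "token-rw", Permission.READ_WRITE);

    // Assumption: only these HTTP methods never modify data.
    static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

    // Fail closed: any method not known to be safe requires read/write.
    static Permission requiredFor(String httpMethod) {
        boolean safe = httpMethod != null && SAFE_METHODS.contains(httpMethod);
        return safe ? Permission.READ_ONLY : Permission.READ_WRITE;
    }

    // Returns the HTTP status the REST service would send for this request.
    static int authorize(String accessToken, String httpMethod) {
        Permission granted = accessToken == null ? null : GRANTS.get(accessToken);
        if (granted == null) {
            return 401; // missing or unknown token
        }
        if (!granted.covers(requiredFor(httpMethod))) {
            // 401 is the status named in the issue; RFC 6750 (OAuth 2.0
            // bearer tokens) uses 403 insufficient_scope for this case.
            return 401;
        }
        return 200;
    }

    public static void main(String[] args) {
        String[][] requests = {
            {"token-ro", "GET"}, {"token-ro", "PUT"},
            {"token-rw", "DELETE"}, {"unknown", "GET"}};
        for (String[] r : requests) {
            System.out.println(r[0] + " " + r[1] + " -> " + authorize(r[0], r[1]));
        }
    }
}
```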