Hi, I am playing with the idea of using role names in the scope parameter (of RequestToken endpoint) for authorizing to our platform. It will work somehow like this: A user has a number of roles: e.g. SalesRep, Employee, Manager. To each role a consistent privilege set is assigned, so the user would also be able to use (part of) the functionality of the platform with only one role.
Then the token would be bound to a certain role (e.g. SalesRep), such that the consumer app cannot exercise all privileges of the user, but only those limited to the assigned scope, which is a role. Upon app registration, it will be made clear which roles are liable for the scope parameter. Any comments?

regards,
Willem Jan
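
The role-as-scope idea from the message above, sketched as an added example that is not part of the original post. The function names, the app names, the privilege strings and the sample data are all assumptions made for illustration; the re-check of the user's roles at use time is an addition the post does not mention.

```python
# Added example: a token bound to one role named in the scope parameter.
# All data below is constructed; only the role names come from the post.
ROLE_PRIVILEGES = {
    "SalesRep": {"leads:read", "leads:write"},
    "Employee": {"timesheet:read", "timesheet:write"},
    "Manager": {"timesheet:approve", "reports:read"},
}
USER_ROLES = {
    "alice": {"SalesRep", "Employee", "Manager"},
    "bob": {"Employee"},
}
# Roles each consumer app declared at registration as usable in scope.
APP_SCOPE_ROLES = {
    "crm-app": {"SalesRep"},
    "hr-app": {"Employee", "Manager"},
}


class ScopeDenied(Exception):
    """Raised when a token request names a role that must not be granted."""


def request_token(user, app, scope):
    """Issue a token bound to exactly one role, or fail closed."""
    if scope not in ROLE_PRIVILEGES:
        raise ScopeDenied(f"unknown role {scope!r}")
    if scope not in APP_SCOPE_ROLES.get(app, set()):
        raise ScopeDenied(f"app {app!r} is not registered for role {scope!r}")
    if scope not in USER_ROLES.get(user, set()):
        raise ScopeDenied(f"user {user!r} does not hold role {scope!r}")
    return {"user": user, "app": app, "role": scope}


def authorize(token, privilege):
    """Allow a call only through the token's role, never the user's other roles."""
    role = token["role"]
    # Assumption: roles can be withdrawn after issuance, so check again here.
    if role not in USER_ROLES.get(token["user"], set()):
        return False
    return privilege in ROLE_PRIVILEGES.get(role, set())


if __name__ == "__main__":
    token = request_token("alice", "crm-app", "SalesRep")
    print(authorize(token, "leads:read"))    # within the SalesRep role
    print(authorize(token, "reports:read"))  # a Manager privilege, out of scope
```

The request is checked against both the app's registered roles and the user's own roles, so an app cannot widen its access by asking for a role it never registered for, and a user cannot delegate a role they do not hold.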