On Fri, Apr 30, 2010 at 11:43 AM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote:
> In my opinion, automatic discovery on scope values is as valuable or not
> valuable as automatic discovery for a service API. I would like to echo one
> of my postings:
>
> A scope defines the set of permissions a client asks for and that becomes
> associated with tokens. I don't see the need (and a way) for automatic scope
> discovery. In my opinion, scopes are part of the API documentation of a
> particular resource server. So if someone implements a client, it needs to
> consider the different scopes this client needs the end user's authorization
> for. If the resource server implements an OAuth2-based standard API (e.g. for
> contact management or e-mail), a client might be interoperable (in terms of
> scopes) among the resource servers implementing this standard.

Not sure I understand, are you saying that for a standard API, like IMAP for example, there should be a standard scope (or set of scopes)?

If not, then discovery of scopes is almost a must in this case. The client implementor cannot know the actual scope because implementation is done against a generic API.

I did not see the value of scope discovery until I realized the above use case.

Marius