http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8
In order to achieve the use case above, how would the client (a.k.a the resource owner in this case) specify which user to authorize?
Would the correct approach be to make a request to the Authorization Server with the grant type set to "client_credentials" and set the scope to user=user_id (where user_id would be the identifier for the user Bob)?
-David <http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
