Isn't that covered by Token Exchange already? https://datatracker.ietf.org/doc/html/rfc8693
On Sat, 18 May 2024, 16:29, Igor Janicijevic <i...@ivagor.com> wrote:

> Dear All,
>
> I have published an Internet Draft document that I would like to introduce
> to the OAuth working group for consideration. Here is the link for your
> reference:
> https://www.ietf.org/archive/id/draft-janicijevic-oauth-b2b-authorization-00.html
>
> Abstract
>
> Delegated B2B Authorization enables a third-party OAuth client to obtain a
> limited access to an HTTP service on behalf of another OAuth client which
> is acting as a resource owner. This specification extends the OAuth 2.0
> Authorization Framework with two new endpoints which allow a resource owner
> OAuth client to manage access for a third-party OAuth client.
>
> Motivation
>
> I work for a large financial services organization, and we are using OAuth
> 2.0 extensively to secure API based B2B integrations with various third
> parties by utilizing OAuth client_credentials grant type. Some of those
> third parties are our customers, while others are either our partners or
> partners of our customers. One of the challenges that we have encountered
> is that there is no standard way to delegate access to resources in B2B
> integrations, so that one party can obtain access to protected resources on
> behalf of another party. The above internet draft describes a possible
> extension to OAuth 2.0 that may be able to address this issue.
>
> I am looking forward to receiving your feedback.
>
> Regards,
> Igor
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org