Yes, and: protocol names should be part of the scope names, but I can
imagine so many use cases for finer-grained access. Many clients might
want read-only access to something like calendar or email data, and the
user might find it safer to grant read-only access than full access. As
always, ther
out whether the scopes should be in this document or not, can
you expand on that?
I would love it if this went to the Standards Track.
Lisa Dusseault
On Thu, May 16, 2024 at 8:56 PM Neil Jenkins wrote:
> Hello all,
>
> I have published a draft document I'd like to introduce to t
I've been trying to understand the use case for the assertion flow (
http://tools.ietf.org/html/draft-ietf-oauth-v2-05#section-3.10) .
Conversely, I have a use case for bootstrapping, and I'm trying to
understand if the assertion flow is the right flow for that use case.
The bootstrapping use case
