Good afternoon,
We're in the process of implementing an open-source Ruby OAuth 2 (draft 09)
server, which will be made available at http://github.com/aflatter/oauth2-ruby.
During our draft 09 analysis we've noticed that the OPTIONAL scope sent by the
client in the Authorization Request is disco
If the scopes granted by the authz server are exactly the ones
requested by the client then I don't see the need for the authz server
to send a scope parameter.
I think the authz server should send the scope parameter if the
granted scopes are different from the requested ones, or if there was
no
Hello Marius,
Thanks for your feedback regarding this issue.
You make a valid point, stating that the authorization server should only send
the scope if it differs from the requested one. However, I would like to
enclose two notes regarding that approach:
* If I understand the 09 draft correct
h-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Diogo Almeida
> Sent: Friday, July 02, 2010 9:23 AM
> To: Marius Scurtescu
> Cc: flat...@gmail.com; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Authorization Response "scope" parameter
>
> Hello Marius,
&g
h-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> > Of Diogo Almeida
> > Sent: Friday, July 02, 2010 9:23 AM
> > To: Marius Scurtescu
> > Cc: flat...@gmail.com; oauth@ietf.org
> > Subject: Re: [OAUTH-WG] Authorization Response "scope" parameter
&g
ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> > Of Diogo Almeida
> > Sent: Friday, July 02, 2010 9:23 AM
> > To: Marius Scurtescu
> > Cc: flat...@gmail.com; oauth@ietf.org
> > Subject: Re: [OAUTH-WG] Authorization Response "scope" parameter
> >
