oauth-v2-1

Add something in Access Token Privilege Restriction about the first-party use case

Open aaronpk opened this issue 3 years ago • 1 comments

From Vittorio:


§7.4.5

Along the same lines as the comments about delegated authorization earlier for §7.2.3, I think it would be useful to acknowledge here that ATs might carry, and RSs might expect, authorization information that goes beyond the delegated authorization for 3rd party API case that is core to OAuth, and remind the reader that those mechanisms are out of scope for OAuth, hence they shouldn’t expect those aspects to be addressed/handled/regulated by this specification.

aaronpk, Sep 08 '21 02:09

I don't see anything in 7.4.5 that limits the use to the delegated authorization scenario so I'm not sure what would need to change.

aaronpk, Sep 28 '21 18:09