OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]
atom at yahoo-inc.com
Fri Nov 14 02:43:42 UTC 2008
In the future, we might update our OAuth service to allow developers to
pass us the scope dynamically, rather than binding the scope to the CK.
However, we'd still probably require developers to agree to a TOS in
order to get a CK/CS.
I'm concerned about having to tell developers to pass the CK via the
scope parameter for the first revision, and then later telling them that
scope parameter actually means the scope. I'd like to have one parameter
(possibly optional) that means CK, and another parameter (also optional)
that means Scope. Overloading a single parameter can get really messy in
the long run.
Breno de Medeiros wrote:
> Ok, but what is wrong for you to instruct the developers to insert the
> consumer_key in the scope parameter, and they bind it to the approved
> request token?
More information about the specs