OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]

Dirk Balfanz balfanz at
Mon Nov 17 21:13:32 UTC 2008

> Yes, but as Breno said, the OAuth spec does not currently have a concept of
> scope, however, the Consumer Key is definitely part of the spec. It would
> seem to be more generally useful for a Consumer to signal Consumer Key,
> rather than signaling scope, as many SPs need to know the CK, but not all of
> them will need to know the scope. That being said, the CK and Scope should

Need to know the CK for what? What purpose would hinting at the CK serve
(since it wouldn't prove ownership)? And don't say "scope" :-)


> just be 2 separate parameters.
>  If you don't want to put consumer keys there, let consumers put some other
>> encoding of the scope there.
> I have no problem with having an optional parameter for CK, and a different
> optional parameter for scope.
> Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the specs mailing list