You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In light of data-interoperability-panel/issues/308 (giving grantees access to Authorizations), I wondered which use cases actually need grantees to directly access permission info (authorizations/grants, denials etc.) at all ... Afaik, none of our reference AS frameworks (OAuth 2.x, UMA, GNAP) support that; if a client wants to know whether it is allowed to access some resource, it can always try to get a token. After all, upon discovery of existing authorization, that's what the client would do anyway. Leaving direct access out would thus simplify our model, and bring it closer to existing AS implementations.
The text was updated successfully, but these errors were encountered:
In light of data-interoperability-panel/issues/308 (giving grantees access to Authorizations), I wondered which use cases actually need grantees to directly access permission info (authorizations/grants, denials etc.) at all ... Afaik, none of our reference AS frameworks (OAuth 2.x, UMA, GNAP) support that; if a client wants to know whether it is allowed to access some resource, it can always try to get a token. After all, upon discovery of existing authorization, that's what the client would do anyway. Leaving direct access out would thus simplify our model, and bring it closer to existing AS implementations.
The text was updated successfully, but these errors were encountered: