[openstreetmap/openstreetmap-website] OAuth 2: Granting partial not possible (Issue #4360)
Tobias Zwick
notifications at github.com
Tue Nov 21 21:00:10 UTC 2023
Oh, but what happens if for a client that registers to have all permissions, I call
authorize?response_type=code&client_id=AaV513LxeuSA1EL5q9jhiwRTi5bZyaQFCuZdYMebNwg&redirect_uri=https%3A%2F%2F127.0.0.1%3Aoauth&scope=**read_prefs%20write_prefs**
, authorize, and then later call
authorize?response_type=code&client_id=AaV513LxeuSA1EL5q9jhiwRTi5bZyaQFCuZdYMebNwg&redirect_uri=https%3A%2F%2F127.0.0.1%3Aoauth&scope=**write_api**
I get the same token, but that token now has all three permissions? (I guess that would be fine for the described use case, wouldn't it?)
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4360#issuecomment-1821671670
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4360/1821671670 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231121/90be2737/attachment.htm>
More information about the rails-dev
mailing list