[openstreetmap/openstreetmap-website] OAuth 2: Granting partial not possible (Issue #4360)
Tobias Zwick
notifications at github.com
Wed Nov 22 02:06:45 UTC 2023
> Well the problem is that you can't (with our implementation at least) just request multiple tokens because the server aggregates all authorisations for a given client, so when you try and get a new token it will see the existing authorisation and return a token for it without asking the user to authorise again.
I just tested this. I created one access token to access everything, and then one access token for only `read_prefs`. It works as expected, i.e. the second token really only has access to reading preferences while the other has access to everything.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4360#issuecomment-1821975099
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4360/1821975099 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231121/d3591cf6/attachment.htm>
More information about the rails-dev
mailing list