[openstreetmap/openstreetmap-website] OAuth 2: Granting partial permissions not possible (Issue #4360)
Tobias Zwick
notifications at github.com
Thu Nov 23 12:51:54 UTC 2023
In any case it would be helpful to have a decision about if checkboxes are to return for the OAuth 2 implementation (at some point) because it affects client implementations.
I.e. in that case, clients should not assume that everything that has been requested was granted, but must read the `scope` parameter of the response to learn which permissions have been granted. I.e. similar to but more straightforward than the old OAuth 1.0a auth flow.
My preference then would also be if the checkboxes returned, because while it may be possible to request granular permissions as described in https://github.com/openstreetmap/openstreetmap-website/issues/4360#issuecomment-1822949775 I doubt that any client developer will actually implement that. In any case, whether or not it is done depends on the individual **client** developers, while actually it should be the **user**'s choice.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4360#issuecomment-1824380137
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4360/1824380137 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231123/74ba6a1c/attachment.htm>
More information about the rails-dev
mailing list