Comments (2)
Usually this might mean you have a scope
called update_user_details
. When the client requests a token, it requests with the update_user_details
scope, which gives it permission to update the user's details on Lock'din.
Lock'd in then has an API of some sort (REST, RPC, etc), and you then make a call to POST api.lockedin.com/user/user_id/
with perhaps a JSON document or some other representation to update it. Locked in would check to see if you have update_user_details
scope in the token before it updates it.
OAuth does not update or make changes to any of your data. It merely provides an authorization framework for you to say: give the DemoApp access to this user's data (modify/delete/update, etc) in the locked'in application without them having to give DemoApp their username and password
. As for using the OAuth token to "do stuff", you need to implement an API in your app.
@bshaffer's #56 allows you to implement this really easily as well :)
from oauth2-server-php.
@DeanD
Does this answer your question? F21 is correct - You do not authorize a specific change, you grant the client the authorization to make changes. To authorize a specific change would require extending the protocol.
There may be a way to extend the spec to provide the functionality you are requesting (see extension response types). I think it's an intriguing concept, and certainly has its uses (especially if you're not exactly sure what the client wants with your resources). I'll keep an ear to the ground, but this is the best answer I can give.
from oauth2-server-php.
Related Issues (20)
- Revoking token
- unable to generate access token
- PKCE Support, please HOT 1
- Integration with Psr\Http\Message\ RequestInterface and ResponseInterface HOT 1
- [QUESTION] OpenID Connect Back-Channel Logout
- Firebase/JWT <6 is considered security risk HOT 6
- Different user database depending on client_id
- Add getToken() to ResourceControllerInterface
- cors issue with authorize.php
- Help with error using JWT?
- Ci4 OAuth2 ACCESS_TOKEN invalid
- No way to distinguish between "invalid" and expired JWT token HOT 8
- Step-by-step Walkthrough not up-to-date HOT 2
- Not possible to inject custom implementation of EncryptionInterface without overriding whole createDefaultIdTokenResponseType() or whole response type
- how do i use cookie
- http://192.168.1.205/authorize.php?response_type=code&client_id=testclient&state=xyz HOT 2
- Device Authorization Grant support
- refresh token
- Column 'code_challenge' cannot be null HOT 1
- How can i use PKCE to add code_challenge authentication HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-server-php.