Mandatory and optional scopes #644

sybrenstuvel opened this issue Sep 11, 2018 · 0 comments
@sybrenstuvel

Hi there!

We've built an authentication service on top of Django-OAuth-Toolkit (DOT), and it works really well. We now want to extend our service by introducing 'badges', which can be assigned to users, and shown on 3rd party websites. To give a concrete example, user Sybren could have a 'developer' badge; once he logs in on ThisAwesomeWebsite.com authenticating with our OAuth service, we want ThisAwesomeWebsite.com to be able to access his badges. For this we introduced a new scope `badge` that determines whether the access token can be used to fetch badges for the user.

So far so good, but we also want the user to have a choice whether to allow this or not. I'm thinking of the similar feature that Facebook offers when connecting an app to it: the app can request certain scopes, and the user can disable scopes if they don't want to give the app that access. In our case, users would be able to disable the `badge` scope.

Is this possible with DOT? I didn't see anything in the documentation about this, but my gut feeling tells me something like this should be possible.
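
The consent-time scope narrowing asked about above, as an added framework-independent sketch that is not part of the original issue and does not use Django-OAuth-Toolkit's API. The `email` scope, the meaning of "mandatory" (a requested scope the user cannot deselect individually) and all function names are assumptions; only `badge` comes from the issue.

```python
# Added example, not DOT code: narrowing the granted scope at the consent step.
MANDATORY = frozenset({"email"})  # assumed scope name: user cannot deselect it
OPTIONAL = frozenset({"badge"})   # from the issue: user may deselect it


class ScopeError(ValueError):
    """The request or the consent form carried a scope that must be rejected."""


def parse_scope(value):
    """Split a space-delimited OAuth 2.0 scope string (RFC 6749, section 3.3)."""
    return frozenset(value.split())


def grant_scopes(requested, approved_by_user):
    """Return the scope set to bind to the access token.

    requested        -- scope string from the client's authorization request
    approved_by_user -- scope string posted back by the consent form
    """
    req = parse_scope(requested)
    approved = parse_scope(approved_by_user)

    unknown = req - (MANDATORY | OPTIONAL)
    if unknown:
        raise ScopeError("client requested unknown scopes: %s" % sorted(unknown))

    # The consent form is user-controlled input. It may narrow the request,
    # but a tampered form must never widen it beyond what the client asked for.
    widened = approved - req
    if widened:
        raise ScopeError("form added unrequested scopes: %s" % sorted(widened))

    # Requested mandatory scopes are always granted once the user approves;
    # optional scopes are granted only if the user left them selected.
    return (req & MANDATORY) | (approved & OPTIONAL)


def token_response_scope(requested, granted):
    """Value of the `scope` parameter in the token response.

    RFC 6749 section 5.1: required when the granted scope differs from the
    requested one, optional (None here) when identical.
    """
    if granted == parse_scope(requested):
        return None
    return " ".join(sorted(granted))
```

Resource endpoints serving badges should check the scope stored with the token, not the scope the client originally requested.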

Vengarioth pushed a commit to genesiscloud/Blender-ID that referenced this issue Jan 30, 2019
- Added `badge` to allowed scopes. This way OAuth clients can request this
  scope (rather than the other scopes, which are manually granted by us).
- Show access to badges in OAuth authorisation screen.

The scope isn't optional just yet, see
[Github issue 644](jazzband/django-oauth-toolkit#644)
in the Django-OAuth-Toolkit project.