Authorize to make a change to entry? about oauth2-server-php HOT 2 CLOSED

Usually this might mean you have a scope called update_user_details. When the client requests a token, it requests with the update_user_details scope, which gives it permission to update the user's details on Lock'din.

Lock'd in then has an API of some sort (REST, RPC, etc), and you then make a call to POST api.lockedin.com/user/user_id/ with perhaps a JSON document or some other representation to update it. Locked in would check to see if you have update_user_details scope in the token before it updates it.

OAuth does not update or make changes to any of your data. It merely provides an authorization framework for you to say: give the DemoApp access to this user's data (modify/delete/update, etc) in the locked'in application without them having to give DemoApp their username and password. As for using the OAuth token to "do stuff", you need to implement an API in your app.

@bshaffer's #56 allows you to implement this really easily as well :)

from oauth2-server-php.

@DeanD
Does this answer your question? F21 is correct - You do not authorize a specific change, you grant the client the authorization to make changes. To authorize a specific change would require extending the protocol.

There may be a way to extend the spec to provide the functionality you are requesting (see extension response types). I think it's an intriguing concept, and certainly has its uses (especially if you're not exactly sure what the client wants with your resources). I'll keep an ear to the ground, but this is the best answer I can give.

from oauth2-server-php.