Let me share an example.

karthik

Aug 30, 2018·1 min read

Let me share an example. Let’s say there are 2 client applications — A and B which wants to use the API. A wants to use only read and B wants to use both read, write APIs. We have to create 2 OAuth agents, AgentA only with read scope and AgentB with read,write scope. When A requests an access token, it will get only read scope and similarly B will get both read,write scopes.

Let’s add a new requirement. B needs only read scope in certain scenarios and both read,write scope in other scenarios. In this case, the code should be written in such a way that B should request only read scope for certain scenarios and both read,write scope for other scenarios.

To summarize, the client application has to be written in such a way that only minimum set of scopes are requested.

karthik

More from karthik

More From Medium

This Is How the Elites Plan to Stop the Mother of All Bubbles From Bursting

Did Buzz Aldrin Just Admit We Never Landed On The Moon?

The 8 Strategies I Use to Maintain 14% Body Fat as a Female

Tim Cook’s 5-Word Response to Facebook Is Brutal and Brilliant at the Same Time

We Have a Bombshell to Announce: Apple First Keynote of 2021

The Beautiful Gamma Function and the Genius Who Discovered It

How To Make Someone Fall In Love With You

Run Your Python Code as Fast as C