I am researching and learning about OAuth, so please forgive me if this is a very stupid question.
It seems that scopes are typically used to define actions that I can take on behalf of a user, i.e. post_to_wall, follow.
Let's say I am building a multi-tenanted application that allows users to create articles and share them with only people inside their organization. If a user belonging to the organization 'Foo' created an article, would it be sensible to tag that article in my application as a 'foo_organization' article, and give any users in the 'Foo' organization the foo_organization scope? Then, if I wanted to share that article with people in the 'Bar' organization, I could change the tag on that article (adding bar_organization)?
Doing this doesn't feel right, because I would have infinite scopes, but if scopes are just 'arbitrary strings', is that OK? Would I be better to build a service to track these sorts of permissions and just use an OAuth server for authentication?
Thanks in advance...