Requirements from OAuth 2.0 code flow #214

Open
@relu91

Description

While I was working on eclipse-thingweb/node-wot#201 I found that the OAuth 2.0 code flow might require some structural changes to Scripts and Scripting API.
In particular, the flow expects that the client should redirect the user using a user-agent to a login/consent page and later obtain the access token with redirection. Consequently, a binding implementation that supports this flow should stop the current script, redirect the user, wait for the answer, and resume. Those operations could happen every time a Property/Action/Event with that security schema is used.

This means that:

  • A Script may be stopped/put in the background until the user consents to giving access to his resources. Therefore, it might be another use case for the specification of script management.

  • A developer might want to trigger the security initialization at will using an API so that it can provide a linear UX (i.e. create a login button and do not prompt the user only when it uses some underlying property/action/event).

Further details can be found on the PR page linked above.
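
The suspend, redirect, wait and resume sequence described in this issue, as an added sketch that is not part of the original post and is not node-wot or Scripting API code. The class `CodeFlowSession`, its methods, the injected `exchange` function and all endpoint values are hypothetical; the `state` check is what ties a callback to the interaction that was suspended.

```javascript
// Added example: every name here is hypothetical, not node-wot or Scripting API code.
const { randomBytes } = require("node:crypto");

class CodeFlowSession {
  // `exchange` is an injected async function (code) => access token; in a real
  // client it would POST the code to the token endpoint.
  constructor({ authorizationEndpoint, clientId, redirectUri, scope, exchange }) {
    Object.assign(this, { authorizationEndpoint, clientId, redirectUri, scope, exchange });
    this.pending = new Map(); // state -> { resolve, reject } of a suspended caller
  }

  // Step 1: can be called at will (e.g. from a login button) or lazily by a binding.
  // Returns the URL to send the user agent to and a promise the script awaits.
  start() {
    const state = randomBytes(16).toString("hex"); // unguessable, binds callback to this request
    const url = new URL(this.authorizationEndpoint);
    url.searchParams.set("response_type", "code");
    url.searchParams.set("client_id", this.clientId);
    url.searchParams.set("redirect_uri", this.redirectUri);
    url.searchParams.set("scope", this.scope);
    url.searchParams.set("state", state);
    const token = new Promise((resolve, reject) => this.pending.set(state, { resolve, reject }));
    return { url: url.toString(), state, token };
  }

  // Step 2: called by whatever serves redirect_uri, with the callback query string.
  // Returns true only if it resumed a suspended caller.
  handleRedirect(query) {
    const params = new URLSearchParams(query);
    const state = params.get("state");
    const waiter = this.pending.get(state);
    if (!waiter) return false;       // unknown or replayed state: drop it
    this.pending.delete(state);      // a state value is single use
    if (params.has("error")) waiter.reject(new Error(params.get("error")));
    else if (!params.get("code")) waiter.reject(new Error("missing code"));
    else waiter.resolve(this.exchange(params.get("code")));
    return true;
  }
}

// Constructed demo values; the endpoint and client id are placeholders.
const session = new CodeFlowSession({
  authorizationEndpoint: "https://auth.example/authorize", clientId: "demo-client",
  redirectUri: "http://localhost:8080/callback", scope: "read",
  exchange: async (code) => `token-for-${code}`,
});
const login = session.start();
login.token.then((t) => console.log("resumed with", t));
session.handleRedirect(`code=abc123&state=${login.state}`);
```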

Labels: Security; for next iteration (Planned or postponed topics for the future); priority: low (Issues that might be deferred for later); use case (Describes a scenario that may be useful for technical decisions); wait-for-td