This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] process [MUST] be performed on all [OAuth Scope] requests.
[OAuth Scopes] values are used to request [Claims], and there is no guarantee that the requested [Claims] will be returned. The [Authorization Server] [MAY] deny some of the requested [OAuth Scopes] based on [Authorization Policy], or the [Resource Owner] ([End-User]) [MAY] be given the option to have the [OpenID Connect Provider] decline to provide some or all information requested by a [Relying Party]. To minimize the amount of information that the [Resource Owner] is being asked to disclose, a [Relying Party] can elect to only request a subset of the information available.
The [OAuth Client]/[Relying Party] [MUST] validate that the [OAuth Scopes] returned in the [Access Token] contain the necessary [OAuth Scopes] and that the [UserInfo Request] [claims] match the [UserInfo Response] claims.
If the [OAuth Client]/[Relying Party] [MUST] have some scope that was NOT provided, then they should abort the process and provide an appropriate error.
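
One way a client could implement the check described above, as an added example that is not part of the original page. It assumes the granted scopes arrive as the space-delimited `scope` value that accompanies the access token (RFC 6749 section 5.1); the function names, the required/optional split and the sample data are hypothetical.

```python
# Added example (not from the original page): names and sample data are assumptions.

class ScopeValidationError(Exception):
    """The grant does not cover what the client must have; abort the flow."""


def granted_scopes(token_response, requested):
    """Scopes actually granted, per the token response."""
    raw = token_response.get("scope")
    if raw is None:
        # RFC 6749 section 5.1: "scope" may be omitted only when the grant
        # is identical to what the client requested.
        return set(requested)
    return set(raw.split())  # space-delimited, case-sensitive values


def validate_scopes(token_response, requested, required):
    """Return the granted set, or raise if a required scope was not granted."""
    granted = granted_scopes(token_response, requested)
    missing = set(required) - granted
    if missing:
        raise ScopeValidationError("required scope(s) not granted: "
                                   + " ".join(sorted(missing)))
    return granted


def validate_userinfo(userinfo, requested_claims, required_claims):
    """Return requested claims the server withheld; raise if a required one is absent."""
    returned = {k for k, v in userinfo.items() if v is not None}
    missing = set(required_claims) - returned
    if missing:
        raise ScopeValidationError("required claim(s) not returned: "
                                   + " ".join(sorted(missing)))
    return set(requested_claims) - returned


if __name__ == "__main__":
    # Constructed sample: the user consented to authentication only.
    response = {"access_token": "constructed-token", "token_type": "Bearer",
                "scope": "openid"}
    try:
        validate_scopes(response, ["openid", "profile", "email"],
                        required=["openid", "email"])
    except ScopeValidationError as err:
        print("aborting:", err)
```
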
For [example], the user may have chosen to authenticate only, but not to provide access to the other [OAuth Scopes], or the [Authorization Server] [MAY] have denied access due to the [Authorization Policy].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]