|
|
|
|
|
|
by nickgros
2602 days ago
|
|
|
IIRC the OAuth2-interfacing application needs to (or at least should) know beforehand exactly what to request access to, so if that's read/write access to all of the user's content, it's trivial. For the external application to know something specific like a particular resource is more complicated to deal with (especially with private/hidden content), so most OAuth providers don't provide that level of granularity. It can be done, it just requires more engineering than most (all?) off-the-shelf OAuth solutions provide, and it's more control than most users actually need. |
|
|