user636747
Reputation: 117
Does OAuth2 support cross-user delegation?
Does OAuth2 support the granting of permissions to another user?
I have seen examples of resource owners granting permission to applications, but haven't found much about resource owners granting permission to other users of those applications.
For example.. Two users: User and Delegate.
User grants permission to Delegate to access some resource (via a web interface, perhaps) belonging to User. Delegate authenticates via OAuth2, and can now see the resource which was protected before User granted permission.
In this scenario, Delegate would have permission to access everything Delegate owns, but also have permission to access some subset of what User owns.
Upvotes: 0
Views: 184
Answers (1)
Related Questions
- Oauth2, scopes and user roles
- OIDC delegation
- OAuth2 - User role based Authorization
- oAuth 2.0 - Acting on behalf of the user
- Can an OAuth 2.0 access token be used to authenticate a user in another context?
- Can client credentials grant access token be mapped to a user?
- OAuth 2 Server Associating Scopes with Users?
- Can Oauth2 Access Token be shared by client?
- OAuth2 User Credentials Grant Security
- OAuth2 pass authorization to another client