views:

34

answers:

1

This question is with regards to oAuth.

Does "resource owner" grant one token to a "client" with all the necessary access? or can the "resource owner" grant multiple tokens to the "clients" each with some access?

The difference being upgrade the token's access?

or

just create another token with the added access?

A: 

After some thought I think it definitely should be "upgrade" and the access token.

So the client only needs to store and use one token to access "protected resources"

PK