Topic on Talk:OAuth/Flow

Dantman (talk | contribs)

The database model proposed based on oauth2app looks like it may not be taking into account parts of OAuth 2 we'll be needing, like the implicit flow. Also, I believe we should separate the database model for 'Applications / Clients' that users authorize and the actual specifics of those apps in the OAuth context. This way we can maintain revocation, sysop tools, etc. separately from the actual OAuth implementation, e.g. in case we find a reason to implement some other method of authentication besides just OAuth 2.

We should probably ditch the idea of basing our models off of a potentially half-implemented library and leave the database model up to the implementor who is actually reading the spec and taking into consideration the flows we need and the abstraction we should be implementing.