This repository has been archived by the owner on Feb 17, 2024. It is now read-only.

Fix errors with the Authorization Grants for OAuth 2.0 #99

Closed
nohorbee opened this issue Sep 16, 2014 · 3 comments

@nohorbee

The list should be clear regarding the Authorization Grant names:

  • Authorization code grant: authorization_code
  • Resource owner password credentials grant: password
  • Client credentials grant: client_credentials
  • Implicit grant: implicit
  • Refresh token grant: refresh_token

```yaml
#%RAML 0.8
title: My Sample API
securitySchemes:
    - oauth_2_0:
        description: |
            OAuth 2.0 implementation.
        type: OAuth 2.0
        settings:
          authorizationUri: https://www.myapi.com/1/oauth2/authorize
          accessTokenUri: https://www.myapi.com/1/oauth2/token
          authorizationGrants: [ authorization_code, password, client_credentials, implicit, refresh_token ]
```

@nohorbee nohorbee added this to the v1.0 milestone Sep 16, 2014
@usarid usarid modified the milestones: v1.0, v1.0 - staging Sep 30, 2015
@aldonline
Contributor

Let's take the opportunity to fix it and make it right (see: #177)

@aldonline aldonline modified the milestones: v1.0 - tentatively subsumed by other candidates, v1.0 - staging Oct 1, 2015
@sichvoge sichvoge removed this from the v1.0 - tentatively subsumed by other candidates milestone Apr 29, 2016
@sichvoge sichvoge added this to the RAML 1.0 milestone Apr 29, 2016
@usarid
Contributor

usarid commented May 1, 2016

In fact, refresh_token is not a grant type. Confusingly, in OAuth 2.0, to use a refresh token (which MAY be obtained with one of the grant types that issue refresh tokens) to obtain another access token, you submit a request with a parameter called grant_type whose value is set to refresh_token. But there is no notion of an API that supports this grant type, as it's not a type of authorization grant. Let's remove it from the list.

@sichvoge
Contributor

sichvoge commented May 2, 2016

In summary, RAML 1.0 will have the following OOTB grant types:

  • Authorization code grant: authorization_code
  • Resource owner password credentials grant: password
  • Client credentials grant: client_credentials
  • Implicit grant: implicit

petrochenko-pavel-a added a commit to raml-org/raml-definition-system that referenced this issue May 2, 2016
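
An added example, not part of the thread or of any RAML tooling: a small Python lint for the `settings` map of an OAuth 2.0 security scheme that applies the conclusion reached above (four grant names, `refresh_token` rejected). The function name, the endpoint-requirement table (based on which endpoints each grant uses in RFC 6749) and the https check are assumptions of this example.

```python
from urllib.parse import urlsplit

# Grant names from the RAML 1.0 summary in this thread.
GRANTS = {"authorization_code", "password", "client_credentials", "implicit"}
# Endpoints each grant uses per RFC 6749 (assumption: a lint rule, not RAML parser code).
NEEDS = {
    "authorizationUri": {"authorization_code", "implicit"},
    "accessTokenUri": {"authorization_code", "password", "client_credentials"},
}
REFRESH_MSG = ("refresh_token is a grant_type value of the token request, "
               "not an authorization grant; remove it")


def lint_oauth2_settings(settings):
    """Return findings for the `settings` map of an OAuth 2.0 security scheme."""
    findings = []
    grants = settings.get("authorizationGrants") or []
    if not grants:
        findings.append("authorizationGrants is missing or empty")
    for grant in grants:
        if grant == "refresh_token":
            findings.append(REFRESH_MSG)
        elif grant not in GRANTS and not urlsplit(grant).scheme:
            # Values with a URI scheme are treated as RFC 6749 section 4.5 extension grants.
            findings.append(f"unknown authorization grant: {grant!r}")
    for key, needed_by in NEEDS.items():
        uri = settings.get(key)
        users = sorted(needed_by.intersection(grants))
        if users and not uri:
            findings.append(f"{key} is required by: {', '.join(users)}")
        elif uri and urlsplit(uri).scheme != "https":
            # RFC 6749 sections 3.1 and 3.2 require TLS on both endpoints.
            findings.append(f"{key} must use https")
    return findings


# Constructed input: the settings map from the RAML in the opening post.
ISSUE_SETTINGS = {
    "authorizationUri": "https://www.myapi.com/1/oauth2/authorize",
    "accessTokenUri": "https://www.myapi.com/1/oauth2/token",
    "authorizationGrants": ["authorization_code", "password",
                            "client_credentials", "implicit", "refresh_token"],
}

if __name__ == "__main__":
    for finding in lint_oauth2_settings(ISSUE_SETTINGS):
        print(finding)
```
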