Uploaded image for project: 'Spring Social'
  1. Spring Social
  2. SOCIAL-135

Upgrade OAuth permissions on an as-needed basis


    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0 Backlog
    • Component/s: Connection Web
    • Labels:


      As the developer of an application that integrates with an OAuth 2 service provider, I'd like to be able to request additional permissions for that provider after the initial connection has been made so that I won't need to request all needed permissions up front.

      Currently, the only time to request the scope of an access token is at connection-time, when the user authorizes the application. This requires the application to know up-front what permissions it will need and request all of them at that time. It'd be better to request permissions as-needed. Two scenarios illustrate the benefits of this:

      Suppose that a certain feature of an application needs "read_friendslist" permission from Facebook. But this feature may or may not be used by all users. If asking for this permission up-front, the user may be unclear as to why they should agree to that permission. But if the request for that permission is delayed until it is needed, the user may have additional context that makes it clear why they should agree.

      For the other scenario, suppose that an application has been in production use for awhile with several users already connected with Facebook. Then, a new feature that requires "publish_checkins" permissions is added. None of the existing users will have granted that permission, because it wasn't even known that it would be needed at the time they authorized. But if as-needed permissions are supported, then the user will be prompted to grant that permission at the time they attempt to use the new feature.




            • Assignee:
              habuma Craig Walls
            • Votes:
              5 Vote for this issue
              7 Start watching this issue


              • Created: