oauth - How to handle authorizing the same third-party application multiple times for a single user account? -


i'm working on cloud-storage api, authorized via oauth. users of third-party applications can permit said application access files/data via our restful api.

currently, limiting third-party app access users account once. e.g., access token table has unique on consumer column , user column. makes sense @ first glance, user should never sent our service authorize third-party application twice, since third-party know user tied our service , wouldn't need re-authorized.

however, if user has 2 accounts on third-party app, , want said app connect single account on our service twice? seems likely, given prevalence of multiple accounts on services such reddit.

here possible solutions i've come far, none of them being perfect:

  • display error during second auth request: seems frustrating experience user, "cop out" of sorts.
  • delete previous token: annoy user, previous accounts stop working. if display warning, hard explain happening.
  • return same access token first request: each time access requested, set of permissions passed along. permissions second request different permissions first request. also, not sure if violate oauth spec, secondly generated request token isn't tied access token properly.
  • allow 2 generated: confusing, when user visits screen full of authorized applications revoke one, don't know authorization tied third-party account. ask optional third-party username parameter when request token generated identify different auth's (we ask non-oauth-standard permission parameter already). but, seems wouldn't used 99% of developers , make application development more confusing.

what best way handle situation? there standardized practice handling use-case?

i think last case right way go - allow 2 generated

when user visits screen full of authorized application, it's not necessary show him 1 , same application twice - have delete tokens associated app if user revokes application access. is, authorizations app tokens go away revoke, fine.


Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more