The true resources in this example are really the inboxes of each user, and that was carried by the REST call rather than the token used to secure it… and the authorization decision emerged from combining the scope Mail.Read (without which we wouldn’t have bothered doing anything else), the identifier of the user (carried through a different claim in the token) and the entity requested (in the URL of the entity, hence in the actual call).
Exactly! The designation and the authorization have been separated, a classic no-no in capability systems. Once that happens, it is very difficult to reason about, or even correctly implement the system. In this particular case, any inbox that the "User" can read "Mail.Read" is available, even though only one inbox was intended in the original token request.--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CANpA1Z0PMW5BCTxi8Eakjia6%2BjP%3Ds8MwN%3D3WKLsqM1wtJJMVbQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CAGLSb_Vp4xxPdeine6fdxVE83w%2BcXV2RV01EWMHMuUgduJ1fyw%40mail.gmail.com.