...
- Client Application - custom front end, fedora proxy, or message-driven service
- Authorization Service - Fedora
- Resource Server - Fedora
OAuth Token Scopes (Proposed)
scope | authorizer | definition |
---|---|---|
forward credentials | fedoraAdmin role | ability to forward end-user credentials in headers |
fedora administrator | fedoraAdmin role | ability to act in the fedoraAdmin role |
* on behalf of X | fedoraUser X | ability to forward end-user X user principal |
read only | both | may only read data |
until time T | both | authorizes for a limited time T |
...