...
- Client Application - custom front end, fedora proxy, or message-driven service
- Authorization Service - Fedora
- Resource Server - Fedora
OAuth Token Scopes (Proposed)
| scope | authorizer | definition |
|---|---|---|
| forward credentials | fedoraAdmin role | ability to forward end-user credentials in headers |
| fedora administrator | fedoraAdmin role | ability to act in the fedoraAdmin role |
| * on behalf of X | fedoraUser X | ability to forward end-user X user principal |
| read only | both | may only read data |
| until time T | both | authorizes for a limited time T |
...