zendframework / zend-expressive-authentication-oauth2

OAuth2 (server) authentication middleware for PSR-7 applications.
BSD 3-Clause "New" or "Revised" License
35 stars 20 forks

Scopes table makes little sense. #27

Open wshafer opened 6 years ago

wshafer commented 6 years ago

As scopes are not really attached to anything, this table doesn't make much sense. It doesn't look like I can attach scopes to users or clients, so all we have is a table of valid scope names which doesn't do a whole lot for us.

I suggest we either do away with scopes, or allow scopes to be added to clients/users.

sheridans commented 6 years ago

I certainly don't think we should do away with scopes; they are an integral part, and I think they should be linked to both clients and users when implemented properly.

For example, a scope of read-user-profile could be requested by a client, which would then be stored by the client along with the refresh token and user id. The user profile could then be requested by that particular client via the refresh token at any time.

A really good example of scope implementation can be found here, which is done by CCP Games, whereby third-party clients can request access to certain in-game character info once the user has logged in and granted them the required scopes.

weierophinney commented 4 years ago

This repository has been closed and moved to mezzio/mezzio-authentication-oauth2; a new issue has been opened at https://github.com/mezzio/mezzio-authentication-oauth2/issues/4.
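
The linkage discussed in this thread, shown as an added example (not code from this repository or from any commenter): requested scopes are reduced to those that are valid, linked to the requesting client, and granted by the user. The `CLIENT_SCOPES` and `USER_GRANTS` tables, the `finalizeScopes()` function, and all sample ids are hypothetical; only the `read-user-profile` scope name comes from the thread.

```php
<?php
declare(strict_types=1);

// Added illustration: every name and value below is constructed.

/** Rows of the existing scopes table: the set of valid scope names. */
const VALID_SCOPES = ['read-user-profile', 'write-user-profile', 'admin'];

/** Hypothetical client-to-scope link table (client_id => scopes it may request). */
const CLIENT_SCOPES = [
    'third-party-app' => ['read-user-profile'],
    'first-party-app' => ['read-user-profile', 'write-user-profile'],
];

/** Hypothetical consent table ("user_id|client_id" => scopes the user granted). */
const USER_GRANTS = [
    'alice|third-party-app' => ['read-user-profile'],
    'alice|first-party-app' => ['read-user-profile'],
];

/**
 * Reduce the requested scopes to those that are valid, linked to the
 * client, and (when a user is involved) granted by that user.
 *
 * @param string[] $requested
 * @return string[]
 */
function finalizeScopes(array $requested, string $clientId, ?string $userId = null): array
{
    // An unknown client has no linked scopes, so the result is empty (fail closed).
    $allowed = array_intersect(VALID_SCOPES, CLIENT_SCOPES[$clientId] ?? []);

    if ($userId !== null) {
        // A user who never consented to this client grants nothing.
        $allowed = array_intersect($allowed, USER_GRANTS["$userId|$clientId"] ?? []);
    }

    return array_values(array_intersect(array_unique($requested), $allowed));
}

// Case 1: the client asks for a scope it is not linked to ("admin").
var_dump(finalizeScopes(['read-user-profile', 'admin'], 'third-party-app', 'alice'));
// Case 2: the client is linked to the scope, but the user never granted it.
var_dump(finalizeScopes(['write-user-profile'], 'first-party-app', 'alice'));
// Case 3: the client id is not in the link table at all.
var_dump(finalizeScopes(['read-user-profile'], 'unknown-client'));
```

With only a table of valid names, the first intersection is the sole check available, which is the gap the issue describes.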