OAuth is a perfect demonstration of how software architects live in a different world than developers. It would be handy if architects stuck to the same terms as developers do: call them roles, not scopes. In a company the user is not the owner of the data, so the concept of resource owner is wrong and no concept of consent is applicable.
Great talk. One thing that was unclear was where the refresh tokens are stored: in local storage or in the cookie?