What we might want to cover:

- [ ] standard scopes: either just generic `read`/`write`, or one level deeper, `{collection}:read` / `{collection}:write`, with a possible wildcard `*:read` / `*:write`
- [ ] profile for OAuth2 for the machine-to-machine use case (client credentials grant, client authentication method): token lifetime, refresh token
- [ ] profile for OAuth2 with user authentication (browser use case, with OpenID Connect?): token lifetime, refresh token
- [ ] new use cases? transfer?
- [ ] standard claims: `client_id`... user? anything else?
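The `{collection}:read` / `{collection}:write` scope scheme with `*:read` / `*:write` wildcards, as an added worked example that is not part of these notes or of any project's code. The assumptions are mine, not stated above: scopes are space-separated as in RFC 6749 section 3.3; `*` is only valid as the entire collection part; `write` never implies `read`; names are compared exactly (no prefix matching); and the non-collection scopes `openid` and `offline_access` (which the OpenID Connect item would introduce) are skipped rather than treated as an error. Anything else unexpected rejects the whole scope string, so a malformed grant can never be read as permission.

```python
"""Resource-server scope check for '{collection}:read' / '{collection}:write'.

Added illustration, not code from the page or any project. Assumptions
(not stated in the notes): space-separated scopes (RFC 6749 s3.3), '*' is
only a wildcard as the whole collection part, 'write' does not imply
'read', exact name comparison, and 'openid' / 'offline_access' are the
only non-collection scopes tolerated. Everything else is denied.
"""
from __future__ import annotations

ACTIONS = frozenset({"read", "write"})
WILDCARD = "*"
# Assumed non-collection scopes an OIDC-capable issuer may add; ignored, not granted.
IGNORED_SCOPES = frozenset({"openid", "offline_access"})


def parse_scope(scope_str: str, ignored: frozenset[str] = IGNORED_SCOPES) -> set[tuple[str, str]]:
    """Parse an OAuth2 scope string into a set of (collection, action) grants.

    Raises ValueError on any token that is not exactly '<collection>:<action>'
    with a known action (and not in `ignored`), so a malformed or unknown
    scope is never silently interpreted as a grant.
    """
    granted: set[tuple[str, str]] = set()
    for token in scope_str.split():
        if token in ignored:
            continue
        collection, sep, action = token.rpartition(":")
        if not sep or not collection or action not in ACTIONS:
            raise ValueError(f"malformed scope: {token!r}")
        # A collection name is a plain identifier: no further ':' and '*' only
        # as the whole name (the page's '*:read' / '*:write'), never 'us*:read'.
        if ":" in collection or (WILDCARD in collection and collection != WILDCARD):
            raise ValueError(f"unsupported collection in scope: {token!r}")
        granted.add((collection, action))
    return granted


def is_allowed(granted: set[tuple[str, str]], collection: str, action: str) -> bool:
    """Deny by default: allow only on an exact or wildcard grant for that action.

    'write' does not imply 'read'; a request for the literal collection '*'
    is refused so a caller cannot turn a wildcard grant into a wildcard request.
    """
    if action not in ACTIONS or collection == WILDCARD or not collection:
        return False
    return (collection, action) in granted or (WILDCARD, action) in granted


def check_request(scope_str: str, collection: str, action: str) -> bool:
    """Full check as a resource server would run it against a token's scope claim."""
    try:
        granted = parse_scope(scope_str)
    except ValueError:
        return False  # an unparseable scope string grants nothing
    return is_allowed(granted, collection, action)


if __name__ == "__main__":
    # Constructed token scope, not captured from any real issuer.
    token_scope = "openid users:read orders:write"
    print(check_request(token_scope, "users", "read"))    # True
    print(check_request(token_scope, "orders", "read"))   # False: write does not imply read
    print(check_request(token_scope, "usersx", "read"))   # False: no prefix matching
```

Rejecting the whole scope string on one unknown token is deliberate: an authorization server that starts issuing a scope this code does not understand should cause requests to fail closed, not to be evaluated against a partial grant set. If the issuer is expected to add further non-collection scopes, extend the `ignored` set explicitly rather than loosening the parser.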