This shows you the differences between two versions of the page.
| | dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth [2020/05/07 15:35] nick ↷ Page moved from dido:public:apdx.stds:tech:ietf:oauth to dido:public:xapend.stds:tech:ietf:oauth | | dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth [2021/08/18 10:12] (current) murphy [Introduction] |
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== RFC6749 - The OAuth 2.0 Authorization Framework ===== | ===== RFC6749 - The OAuth 2.0 Authorization Framework ===== | ||
| - | [[dido:public:apdx.stds:tech:ietf| return to the IETF Standards ]] | + | [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]] |
| <table> | <table> | ||
| Line 15: | Line 15: | ||
| ==== Introduction ==== | ==== Introduction ==== | ||
| - | : //In the traditional client-server authentication model, the client | + | : //In the traditional [[dido:public:ra:xapend:xapend.a_glossary:c:client-server|client-server]] [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] model, the [[dido:public:ra:xapend:xapend.a_glossary:c:client|client]] |
| requests an access-restricted resource (protected resource) on the | requests an access-restricted resource (protected resource) on the | ||
| - | server by authenticating with the server using the resource owner's | + | [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] by authenticating with the server using the resource owner's |
| - | credentials. In order to provide third-party applications access to | + | credentials. In order to provide third-party [[dido:public:ra:xapend:xapend.a_glossary:a:application|applications]] access to |
| restricted resources, the resource owner shares its credentials with | restricted resources, the resource owner shares its credentials with | ||
| the third party. This creates several problems and limitations:// | the third party. This creates several problems and limitations:// | ||
| * //Third-party applications are required to store the resource | * //Third-party applications are required to store the resource | ||
| - | owner's credentials for future use, typically a password in | + | owner's credentials for future use, typically a [[dido:public:ra:xapend:xapend.a_glossary:p:password|password]] in |
| clear-text.// | clear-text.// | ||
| * //Servers are required to support password authentication, despite | * //Servers are required to support password authentication, despite | ||
| Line 38: | Line 38: | ||
| password.// | password.// | ||
| - | : //OAuth addresses these issues by introducing an authorization layer | + | : //[[dido:public:ra:xapend:xapend.a_glossary:o:oauth]] addresses these issues by introducing an authorization layer |
| and separating the role of the client from that of the resource | and separating the role of the client from that of the resource | ||
| owner. In OAuth, the client requests access to resources controlled | owner. In OAuth, the client requests access to resources controlled | ||
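Review bot: the new glossary link on the OAuth line, `[[dido:public:ra:xapend:xapend.a_glossary:o:oauth]]`, carries no display text, unlike the other glossary links added in this revision (for example `[[dido:public:ra:xapend:xapend.a_glossary:c:client|client]]`), so DokuWiki will render the page id or the target's page title in the middle of the quoted RFC sentence rather than the word "OAuth"; suggest `[[dido:public:ra:xapend:xapend.a_glossary:o:oauth|OAuth]]` to keep the quotation readable.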
| Line 47: | Line 47: | ||
| : //Instead of using the resource owner's credentials to access protected | : //Instead of using the resource owner's credentials to access protected | ||
| resources, the client obtains an access token -- a string denoting a | resources, the client obtains an access token -- a string denoting a | ||
| - | specific scope, lifetime, and other access attributes. Access tokens | + | specific scope, lifetime, and other access attributes. Access [[dido:public:ra:xapend:xapend.a_glossary:t:tokens|tokens]] |
| are issued to third-party clients by an authorization server with the | are issued to third-party clients by an authorization server with the | ||
| approval of the resource owner. The client uses the access token to | approval of the resource owner. The client uses the access token to | ||
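Review bot: the glossary target `dido:public:ra:xapend:xapend.a_glossary:t:tokens` uses a plural page id, while every other glossary link in this revision points at a singular entry (`c:client`, `s:server`, `a:application`, `p:password`, `p:protocol`); confirm that the `t:tokens` page actually exists, otherwise the link will render as a missing-page link inside the RFC quotation, and consider `[[dido:public:ra:xapend:xapend.a_glossary:t:token|tokens]]` for consistency.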
| Line 60: | Line 60: | ||
| specific credentials (access token).// | specific credentials (access token).// | ||
| - | : //This specification is designed for use with HTTP ([[https://tools.ietf.org/html/rfc2616 | RFC2616]]). The use of OAuth over any protocol other than HTTP is out of scope.// | + | : //This specification is designed for use with HTTP ([[https://tools.ietf.org/html/rfc2616 | RFC2616]]). The use of OAuth over any [[dido:public:ra:xapend:xapend.a_glossary:p:protocol|protocol]] other than HTTP is out of scope.// |
| : //The OAuth 1.0 protocol ([[ https://tools.ietf.org/html/rfc5849 | RFC5849]]), published as an informational | : //The OAuth 1.0 protocol ([[ https://tools.ietf.org/html/rfc5849 | RFC5849]]), published as an informational | ||
| Line 76: | Line 76: | ||
| OAuth 1.0 should approach this document without any assumptions as to | OAuth 1.0 should approach this document without any assumptions as to | ||
| its structure and details.// | its structure and details.// | ||
| + | |||
| + | |||
| + | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
| + | /* To add a discussion page to this page, comment out the line that says | ||
| + | ~~DISCUSSION:off~~ | ||
| + | */ | ||
| + | ~~DISCUSSION:on|Outstanding Issues~~ | ||
| + | ~~DISCUSSION:off~~ | ||
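Review bot: the added block is self-contradicting: the comment says to comment out `~~DISCUSSION:off~~` to enable a discussion page, yet both `~~DISCUSSION:on|Outstanding Issues~~` and `~~DISCUSSION:off~~` are left active, so the trailing `off` will win and the "Outstanding Issues" discussion section will not appear; keep only the intended directive, or wrap the inactive one in the comment block. Also, the opening `/**=-=-=...` line has no matching `*/` (only the `/* To add a discussion page ...` line is closed), and `/* */` comments are not core DokuWiki syntax, so unless the comment plugin is installed these lines will be rendered verbatim on the page.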