This shows you the differences between two versions of the page.
| dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth [2021/07/29 12:52] murphy | dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth [2021/08/18 10:12] (current) murphy [Introduction] | ||
|---|---|---|---|
| Line 15: | Line 15: | ||
| ==== Introduction ==== | ==== Introduction ==== | ||
| - | : //In the traditional client-server [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] model, the [[dido:public:ra:xapend:xapend.a_glossary:c:client|client]] | + | : //In the traditional [[dido:public:ra:xapend:xapend.a_glossary:c:client-server|client-server]] [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] model, the [[dido:public:ra:xapend:xapend.a_glossary:c:client|client]] |
| requests an access-restricted resource (protected resource) on the | requests an access-restricted resource (protected resource) on the | ||
| - | server by authenticating with the server using the resource owner's | + | [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] by authenticating with the server using the resource owner's |
| credentials. In order to provide third-party [[dido:public:ra:xapend:xapend.a_glossary:a:application|applications]] access to | credentials. In order to provide third-party [[dido:public:ra:xapend:xapend.a_glossary:a:application|applications]] access to | ||
| restricted resources, the resource owner shares its credentials with | restricted resources, the resource owner shares its credentials with | ||
| Line 23: | Line 23: | ||
| * //Third-party applications are required to store the resource | * //Third-party applications are required to store the resource | ||
| - | owner's credentials for future use, typically a password in | + | owner's credentials for future use, typically a [[dido:public:ra:xapend:xapend.a_glossary:p:password|password]] in |
| clear-text.// | clear-text.// | ||
| * //Servers are required to support password authentication, despite | * //Servers are required to support password authentication, despite | ||
| Line 47: | Line 47: | ||
| : //Instead of using the resource owner's credentials to access protected | : //Instead of using the resource owner's credentials to access protected | ||
| resources, the client obtains an access token -- a string denoting a | resources, the client obtains an access token -- a string denoting a | ||
| - | specific scope, lifetime, and other access attributes. Access tokens | + | specific scope, lifetime, and other access attributes. Access [[dido:public:ra:xapend:xapend.a_glossary:t:tokens|tokens]] |
| are issued to third-party clients by an authorization server with the | are issued to third-party clients by an authorization server with the | ||
| approval of the resource owner. The client uses the access token to | approval of the resource owner. The client uses the access token to | ||
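Review bot: On the `+` line the new link wraps only "tokens" in "Access tokens", which splits the term that the preceding context line defines ("an access token -- a string denoting a specific scope, lifetime, and other access attributes"). Link the whole phrase instead, e.g. `[[dido:public:ra:xapend:xapend.a_glossary:t:tokens|Access tokens]]`, and confirm that the glossary target describes OAuth access tokens rather than tokens in general, so the link does not suggest a broader meaning than the quoted specification gives.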
| Line 60: | Line 60: | ||
| specific credentials (access token).// | specific credentials (access token).// | ||
| - | : //This specification is designed for use with HTTP ([[https://tools.ietf.org/html/rfc2616 | RFC2616]]). The use of OAuth over any protocol other than HTTP is out of scope.// | + | : //This specification is designed for use with HTTP ([[https://tools.ietf.org/html/rfc2616 | RFC2616]]). The use of OAuth over any [[dido:public:ra:xapend:xapend.a_glossary:p:protocol|protocol]] other than HTTP is out of scope.// |
| : //The OAuth 1.0 protocol ([[ https://tools.ietf.org/html/rfc5849 | RFC5849]]), published as an informational | : //The OAuth 1.0 protocol ([[ https://tools.ietf.org/html/rfc5849 | RFC5849]]), published as an informational | ||
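Review bot: Style point on the external links around the `+` line: the changed line writes `[[https://tools.ietf.org/html/rfc2616 | RFC2616]]`, while the unchanged line after it writes `[[ https://tools.ietf.org/html/rfc5849 | RFC5849]]` with a leading space inside the brackets. Since this edit already touches the paragraph, normalise both links to one form.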