This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth_bearer [2020/05/05 20:49] nick ↷ Links adapted because of a move operation |
dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth_bearer [2021/08/18 10:29] (current) murphy |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage ===== | ===== RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage ===== | ||
| - | [[dido:public:apdx.stds:tech:ietf| return to the IETF Standards ]] | + | [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]] |
| <table> | <table> | ||
| Line 17: | Line 17: | ||
| ==== Introduction ==== | ==== Introduction ==== | ||
| - | : //OAuth enables clients to access protected resources by obtaining an | + | : //[[dido:public:ra:xapend:xapend.a_glossary:o:oauth]] enables [[dido:public:ra:xapend:xapend.a_glossary:c:client|clients]] to access protected resources by obtaining an |
| - | access token, which is defined in "The OAuth 2.0 Authorization | + | access token, which is defined in "The OAuth 2.0 [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] |
| Framework" [RFC6749] as "a string representing an access | Framework" [RFC6749] as "a string representing an access | ||
| authorization issued to the client", rather than using the resource | authorization issued to the client", rather than using the resource | ||
| owner's credentials directly.// | owner's credentials directly.// | ||
| - | : //Tokens are issued to clients by an authorization server with the | + | : //[[dido:public:ra:xapend:xapend.a_glossary:t:tokens|Tokens]] are issued to clients by an authorization [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] with the |
| approval of the resource owner. The client uses the access token to | approval of the resource owner. The client uses the access token to | ||
| access the protected resources hosted by the resource server. This | access the protected resources hosted by the resource server. This | ||
| Line 30: | Line 30: | ||
| : //This specification defines the use of bearer tokens over HTTP/1.1 | : //This specification defines the use of bearer tokens over HTTP/1.1 | ||
| - | [[https://tools.ietf.org/html/rfc2616 | RFC2616]] using Transport Layer Security (TLS) [[https://tools.ietf.org/html/rfc5246 | RFC5246]] to access | + | [[https://tools.ietf.org/html/rfc2616 | RFC2616]] using [[dido:public:ra:xapend:xapend.a_glossary:t:tls]] [[https://tools.ietf.org/html/rfc5246 | RFC5246]] to access |
| protected resources. TLS is mandatory to implement and use with this | protected resources. TLS is mandatory to implement and use with this | ||
| specification; other specifications may extend this specification for | specification; other specifications may extend this specification for | ||
| Line 38: | Line 38: | ||
| general HTTP authorization method that can be used with bearer tokens | general HTTP authorization method that can be used with bearer tokens | ||
| from any source to access any resources protected by those bearer | from any source to access any resources protected by those bearer | ||
| - | tokens. The Bearer authentication scheme is intended primarily for | + | tokens. The Bearer [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] scheme is intended primarily for |
| server authentication using the WWW-Authenticate and Authorization | server authentication using the WWW-Authenticate and Authorization | ||
| HTTP headers but does not preclude its use for proxy authentication.// | HTTP headers but does not preclude its use for proxy authentication.// | ||
| + | |||
| + | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
| + | /* To add a discussion page to this page, comment out the line that says | ||
| + | ~~DISCUSSION:off~~ | ||
| + | */ | ||
| + | ~~DISCUSSION:on|Outstanding Issues~~ | ||
| + | ~~DISCUSSION:off~~ | ||