This shows you the differences between two versions of the page.
dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth_bearer [2020/05/05 20:49] nick ↷ Page moved from dido:public:stds:tech:ietf:oauth_bearer to dido:public:apdx.stds:tech:ietf:oauth_bearer |
dido:public:ra:xapend:xapend.b_stds:tech:ietf:oauth_bearer [2021/08/18 10:29] (current) murphy |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage ===== | ===== RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage ===== | ||
- | [[dido:public:stds:tech:ietf | return to the IETF Standards ]] | + | [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]] |
<table> | <table> | ||
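Review bot: The "return to the IETF Standards" link is still a hard-coded absolute namespace path, which is what broke when the page was moved (the old target was dido:public:stds:tech:ietf). The new target is the start page of the namespace this page lives in, so a relative link such as [[.:start|return to the IETF Standards]] would survive the next move. The leading and trailing spaces inside the link label can also be dropped.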
Line 17: | Line 17: | ||
==== Introduction ==== | ==== Introduction ==== | ||
- | : //OAuth enables clients to access protected resources by obtaining an | + | : //[[dido:public:ra:xapend:xapend.a_glossary:o:oauth]] enables [[dido:public:ra:xapend:xapend.a_glossary:c:client|clients]] to access protected resources by obtaining an |
- | access token, which is defined in "The OAuth 2.0 Authorization | + | access token, which is defined in "The OAuth 2.0 [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] |
Framework" [RFC6749] as "a string representing an access | Framework" [RFC6749] as "a string representing an access | ||
authorization issued to the client", rather than using the resource | authorization issued to the client", rather than using the resource | ||
owner's credentials directly.// | owner's credentials directly.// | ||
- | : //Tokens are issued to clients by an authorization server with the | + | : //[[dido:public:ra:xapend:xapend.a_glossary:t:tokens|Tokens]] are issued to clients by an authorization [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] with the |
approval of the resource owner. The client uses the access token to | approval of the resource owner. The client uses the access token to | ||
access the protected resources hosted by the resource server. This | access the protected resources hosted by the resource server. This | ||
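Review bot: The new links on "OAuth" and "Authorization" in the first quoted paragraph have no label, so the rendered text now depends on the glossary page titles and the italicised passage no longer reproduces the RFC wording; the second one also sits inside the quoted title "The OAuth 2.0 Authorization Framework". Give both an explicit label (|OAuth and |Authorization), or leave the cited title unlinked. In the second paragraph, linking only "server" inside "authorization server" points the reader at a generic server entry and splits a term the RFC uses as a single defined role; link the whole phrase to an entry for that role or leave it unlinked.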
Line 30: | Line 30: | ||
: //This specification defines the use of bearer tokens over HTTP/1.1 | : //This specification defines the use of bearer tokens over HTTP/1.1 | ||
- | [[https://tools.ietf.org/html/rfc2616 | RFC2616]] using Transport Layer Security (TLS) [[https://tools.ietf.org/html/rfc5246 | RFC5246]] to access | + | [[https://tools.ietf.org/html/rfc2616 | RFC2616]] using [[dido:public:ra:xapend:xapend.a_glossary:t:tls]] [[https://tools.ietf.org/html/rfc5246 | RFC5246]] to access |
protected resources. TLS is mandatory to implement and use with this | protected resources. TLS is mandatory to implement and use with this | ||
specification; other specifications may extend this specification for | specification; other specifications may extend this specification for | ||
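Review bot: The unlabeled glossary link replaces the literal text "Transport Layer Security (TLS)", so the expansion of the abbreviation only appears if the glossary page title happens to supply it, and the next sentence ("TLS is mandatory to implement and use with this specification") relies on it. Keep the original wording as the label: [[dido:public:ra:xapend:xapend.a_glossary:t:tls|Transport Layer Security (TLS)]].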
Line 38: | Line 38: | ||
general HTTP authorization method that can be used with bearer tokens | general HTTP authorization method that can be used with bearer tokens | ||
from any source to access any resources protected by those bearer | from any source to access any resources protected by those bearer | ||
- | tokens. The Bearer authentication scheme is intended primarily for | + | tokens. The Bearer [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] scheme is intended primarily for |
server authentication using the WWW-Authenticate and Authorization | server authentication using the WWW-Authenticate and Authorization | ||
HTTP headers but does not preclude its use for proxy authentication.// | HTTP headers but does not preclude its use for proxy authentication.// | ||
+ | |||
+ | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
+ | /* To add a discussion page to this page, comment out the line that says | ||
+ | ~~DISCUSSION:off~~ | ||
+ | */ | ||
+ | ~~DISCUSSION:on|Outstanding Issues~~ | ||
+ | ~~DISCUSSION:off~~ |
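Review bot: The appended footer leaves both ~~DISCUSSION:on|Outstanding Issues~~ and ~~DISCUSSION:off~~ active outside the comment, so the page carries two contradictory directives and the instruction to "comment out the line that says ~~DISCUSSION:off~~" is ambiguous, because one copy is already inside the comment and another follows it. Keep exactly one active directive. The separator line also opens a comment with /** that is never closed on its own and only ends at the */ of the following comment; close it on the same line or fold it into the comment below.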