Authentication Double-Hop is when an Authentication Method is used by more than one Resource Server in a series.

The Resource Owner is Authenticated to "Resource Server One", or uses Delegation to access it.

To fulfill the request, "Resource Server One" then needs to access "Resource Server Two".

Can "Resource Server Two" determine that "Resource Server One" is performing the access for the Resource Owner? This is referred to as the Confused Deputy Problem.

OpenID Connect and OAuth 2.0

OAuth 2.0 Token Exchange solves the Authentication Double-Hop issue.
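
The following is an added example, not code from this page. It sketches the double hop with OAuth 2.0 Token Exchange (RFC 8693): the request "Resource Server One" sends to obtain a token for the second hop, and the check "Resource Server Two" applies to the resulting claims. The host names, scopes and sample claims are constructed, and the check assumes the token's signature and expiry have already been verified.

```python
from urllib.parse import urlencode

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

def build_exchange_request(subject_token, actor_token, audience, scope):
    """Form body Resource Server One POSTs to the token endpoint (RFC 8693, section 2.1)."""
    return urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token,        # token the Resource Owner presented
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "actor_token": actor_token,            # Resource Server One's own credential (assumed)
        "actor_token_type": ACCESS_TOKEN_TYPE,
        "audience": audience,                  # the server the new token is meant for
        "scope": scope,
    })

def check_second_hop(claims, my_audience, trusted_actors):
    """Resource Server Two's decision on already-verified token claims.
    Returns (resource_owner, acting_party) or raises PermissionError."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if my_audience not in audiences:
        raise PermissionError("token was not issued for this resource server")
    act = claims.get("act")
    actor = act.get("sub") if isinstance(act, dict) else None
    if actor is None:
        raise PermissionError("no act claim: cannot tell who is acting for the owner")
    if actor not in trusted_actors:
        raise PermissionError(f"actor {actor!r} may not act on behalf of users")
    return claims["sub"], actor

# Constructed sample claims (hypothetical names and URLs).
RS1, RS2 = "https://rs1.example", "https://rs2.example"
ORIGINAL = {"sub": "alice", "aud": RS1, "scope": "orders:read"}
EXCHANGED = {"sub": "alice", "aud": RS2, "scope": "inventory:read", "act": {"sub": RS1}}
ROGUE = {"sub": "alice", "aud": RS2, "scope": "inventory:read",
         "act": {"sub": "https://other.example"}}
```

Forwarding `ORIGINAL` unchanged to the second server fails the audience check, while `EXCHANGED` names both the Resource Owner (`sub`) and the server acting for them (`act`).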

This page (revision-2) was last changed on 18-Mar-2017 14:50 by jim