Overview#

The Authorization Server (AS) is an Actor within OAuth 2.0 and OpenID Connect which typically provides the Security Token Service (STS); colloquially, it is the server that issues tokens.

The Authorization Server is the Application that issues the OAuth Client the tokens that allow access to the data on the Resource Server on behalf of the Resource Owner.

Typically the Authorization Server could also be an Identity Provider (IDP), though there is no reason that they could not be separate servers.

Policy Administration Point#

Typically we can think of the Authorization Server as the Policy Information Point where the policy is defined and subsequently stored. The Resource Server is the Policy Enforcement Point where the policy is enforced.

Components#

Authorization Server typically has the following components:

The Authorization Server and the Resource Server could be the same server, but they do not have to be. The OAuth 2.0 specification does not provide an Authentication protocol for the Resource Owner. It strongly suggests that OAuth Client applications should use the Authorization Header for accessing the Token_endpoint, but it says nothing about the Authentication of the Resource Owner when their approval is needed for a Delegation (only that they must be Authenticated). This leaves Authentication completely orthogonal to the approval process, and Authorization Servers are free to implement the Authentication any way they choose.

User Managed Access standardizes their communication, and this is really critical for use cases that potentially put them in different domains run by different companies.
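
The use of the Authorization Header at the Token_endpoint mentioned above, as an added example that is not part of the original page: a sketch of HTTP Basic client authentication as defined in RFC 6749 section 2.3.1, with the OAuth Client building the header and the Authorization Server checking it. The client registry, the client name and secret, and the function names are constructed for illustration; storing a SHA-256 digest assumes randomly generated, high-entropy client secrets.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed registry (assumption): client_id -> SHA-256 hex digest of its secret.
CLIENTS = {"billing app": hashlib.sha256(b"s3cr:et/+ value").hexdigest()}


def basic_header(client_id, client_secret):
    """Client side: form-urlencode each part, join with ':', then Base64."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()


def authenticate_client(header):
    """Authorization Server side: return the client_id if valid, else None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        pair = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and bad UTF-8
        return None
    enc_id, sep, enc_secret = pair.partition(":")
    if not sep:
        return None
    # Reverse the form encoding; a ':' inside the secret arrives as %3A.
    client_id, secret = unquote_plus(enc_id), unquote_plus(enc_secret)
    # Compare against a dummy digest for unknown clients so both paths
    # do the same work, and use a constant-time comparison.
    expected = CLIENTS.get(client_id, "0" * 64)
    presented = hashlib.sha256(secret.encode()).hexdigest()
    ok = hmac.compare_digest(presented, expected)
    return client_id if ok and client_id in CLIENTS else None
```

A client that skips the form-encoding step and Base64-encodes the raw `client_id:client_secret` pair is rejected here whenever the secret contains characters such as `+` or `%`, which is a common interoperability failure between clients and Authorization Servers.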

Typical Implementation#

In a typical Implementation the Authorization Server acts both as the Policy Decision Point and also as the Policy Enforcement Point that protects the OAuth 2.0 Authorization Endpoint.

This page (revision-17) was last changed on 19-Sep-2017 09:29 by jim