Authentication Double-Hop


Authentication Double-Hop is when an Authentication Method is used by more than one Resource Server in a series.

So Resource Owner is Authenticated or uses Delegation access to "Resource Server One".

"Resource Server One" then needs, to fulfill the request, needs to access "Resource Server Two".

Can the "Resource Server Two" determine the "Resource Server One" is performing access for the Resource Owner? This is referred to as the Confused Deputy Problem.

OpenID Connect and OAuth 2.0#

OAuth 2.0 Token Exchange solves the Authentication Double-Hop issue.

More Information#

There might be more information for this subject on one of the following: