This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1]
[{$pagename}]
[{Image src='OAuth 2.0/oauth-not-auththenticaiton.jpg' caption='OAuth Not for Authentication' align=left width=1024 height=552 style='font-size: 120%;'}] [2]\\
[OAuth 2.0] is __NOT__ an [Authentication] protocol. (But you could build one on top of [OAuth 2.0], as is done with [OpenID Connect].)
[OAuth 2.0] is __NOT__ an [Authorization] protocol.
[OAuth 2.0] is often called an [authorization] protocol, and even [RFC 6749] is titled "The OAuth 2.0 Authorization Framework". However, [OAuth 2.0] is a [delegation] protocol.
What is [delegated|Delegation] is a subset of a user’s [authorization]. [OAuth 2.0] does not even perform the [Authorization]; rather, it provides a [protocol] by which an [OAuth Client] can request that a [user|Resource Owner] delegate some of their authority. The user can then approve or deny the request, and the [OAuth Client] can then act on the result of that decision.
[OAuth 2.0] provides for the [Delegation] of [Authorization]:
* by the [Resource Owner]
* to the [OAuth Client]
* for the [Resource Server]
[OAuth 2.0] delegates user [authentication] to the service that hosts the [Resource Owner] (user) account [4]
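The delegation described above, as a toy Python model added here for illustration (it is not code from the original page or from any OAuth library). The class names, scope strings and the {{print-shop}} client are assumptions made for the example; a real [Authorization Server] also handles client registration, redirects and token expiry.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    resource_owner: str   # who delegated
    client_id: str        # who received the delegation
    scopes: frozenset     # the delegated subset of the owner's authority

class AuthorizationServer:
    """Toy model: records what a Resource Owner agreed to delegate."""
    def __init__(self, owner_authority):
        self.owner_authority = owner_authority  # owner -> everything they may do
        self.grants = {}                        # access token -> Grant

    def delegate(self, owner, client_id, requested, approved):
        # The owner can delegate only authority they hold, and only what the
        # client asked for; approving nothing is a denial (no token issued).
        scopes = frozenset(requested) & frozenset(approved) & self.owner_authority[owner]
        if not scopes:
            return None
        token = secrets.token_urlsafe(16)       # opaque to the client
        self.grants[token] = Grant(owner, client_id, scopes)
        return token

class ResourceServer:
    def __init__(self, authz):
        self.authz = authz

    def access(self, token, needed_scope):
        # The decision rests on the recorded delegation alone. Nothing here
        # establishes that the owner is present or who is presenting the token.
        grant = self.authz.grants.get(token)
        return grant is not None and needed_scope in grant.scopes

def demo():
    # Constructed sample data: alice's full authority and one client.
    authz = AuthorizationServer(
        {"alice": frozenset({"photos.read", "photos.delete", "contacts.read"})})
    rs = ResourceServer(authz)
    token = authz.delegate("alice", "print-shop",
                           requested={"photos.read", "contacts.read"},
                           approved={"photos.read"})
    denied = authz.delegate("alice", "print-shop",
                            requested={"photos.delete"}, approved=set())
    return {"read": rs.access(token, "photos.read"),
            "contacts": rs.access(token, "contacts.read"),
            "delete": rs.access(token, "photos.delete"),
            "denied_request": denied}

if __name__ == "__main__":
    print(demo())
```

The [OAuth Client] ends up holding an opaque token that lets it act within the approved scope; at no point does it receive a statement about who the user is, which is the gap [OpenID Connect] fills when built on top.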
!! The problem with [OAuth 2.0] for [Authentication] [3]
A nice article on [The problem with OAuth for Authentication|http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [not an authentication protocol|http://oauth.net/articles/authentication//|target='_blank'] - based on information obtained 2015-07-05
* [#2] - [A sample of the slides that won me #CISNOLA #TrackBattle.|https://twitter.com/NishantK/status/740167951383433216|target='_blank']
* [#3] - [The problem with OAuth for Authentication|http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html|target='_blank']
* [#4] - [An Introduction to OAuth 2|https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2|target='_blank']
* [#5] - [OAuth 2.0 NOT an Authentication protocol|https://twitter.com/ve7jtb/status/740650395735871488|target='_blank']
* [#6] - [OAuth is not Authentication - 2 min. OAuth #9|https://youtu.be/iGFy1xHGGx4|target='_blank'] - based on information obtained 2018-10-15
* [#7] - [OAuth 2.0 and Sign-In|http://www.cloudidentity.com/blog/2013/01/02/oauth-2-0-and-sign-in-4/|target='_blank'] - based on information obtained 2015-07-16