This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
What is missing in OAuth 2.0
What is missing in OAuth 2.0

Version management

Difference between version and

At line 1 added 16 lines
!!! Overview
[{$pagename}]
* No [Discovery Mechanism]
* Mandatory [Authentication] of the [Resource Owner]
** There is nothing in [OAuth 2.0] about [Authentication] ([OAuth 2.0 NOT an Authentication protocol])
* No [Authentication Assurance Level|Authenticator Assurance Levels]
* No information on the [Resource Owner]
* No [Logout Process] (Well since we did not [Authenticate] why [Logout Process|Logout])
* Some folks imply that there is a [Authentication Double-Hop] issue.
* Allows [HTTP GET] for [Authorization Response] which has [Data Leakage] issues. [OpenID Connect] formally defined a [HTTP POST] response mode.
Most of these short comings are addressed within [OpenID Connect]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop