jspωiki
OAuth 2.0 Authorization
Your trail: 

Overview#

OAuth 2.0 is about Delegation not Authorization

OAuth 2.0 is NOT an Authentication protocol. (But you could build one on top of OAuth 2.0 as is done with OpenID Connect)

OAuth 2.0 is NOT an Authorization protocol.

OAuth 2.0 is often called an authorization protocol, even the RFC 6749 is called "The OAuth 2.0 Authorization Framework". However, OAuth 2.0 Authorization is a delegation protocol.

What is delegated is a subset of the a Resource Owner (user)’s authorization. OAuth 2.0 does NOT even perform the Authorization but rather provides a protocol (via Authorization Request) where a OAuth Client can request that a user delegate some of their authority. The Resource Owner (user) can then approve, or deny, the request, and the OAuth Client can then act on it with the results of that approval.

OAuth 2.0 Authorization provides for the Delegation of Authorization

More Information#

There might be more information for this subject on one of the following:
This page (revision-9) was last changed on 07-May-2016 11:25 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions38
Uptime2d, 9h 15m 17s
Number of pages16305

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1