What is missing in OAuth 2.0

Overview

What is missing in OAuth 2.0:

- No Discovery Mechanism.
- Mandatory Authentication of the Resource Owner, yet there is nothing in OAuth 2.0 about Authentication (OAuth 2.0 is NOT an Authentication protocol).
- No Authentication Assurance Level.
- No information on the Resource Owner.
- No Logout Process (well, since we did not Authenticate, why a Logout Process?).
- Some folks imply that there is an Authentication Double-Hop issue.
- Allows HTTP GET for the Authorization Response, which has Data Leakage issues. OpenID Connect formally defined an HTTP POST response mode.

Most of these shortcomings are addressed within OpenID Connect.
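The last point above, as an added example that is not part of the original wiki page: the same authorization response built the OAuth 2.0 way (parameters in the query string of a GET redirect) and the OpenID Connect form_post way (parameters in a POST body), plus a check that reports which sensitive parameters a URL would expose to access logs, browser history and Referer headers. The redirect URI and the code/state values are constructed sample values.

```python
"""Added example: OAuth 2.0 GET (query) authorization response versus the
OpenID Connect form_post response mode, and why the GET form leaks data."""
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameters that must never appear in a URL (logs, history, Referer).
SENSITIVE = {"code", "access_token", "id_token"}

def query_mode_response(redirect_uri: str, code: str, state: str) -> str:
    """OAuth 2.0 default: the response parameters are appended to the
    redirect URI's query string and delivered with an HTTP GET."""
    return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

def form_post_mode_response(redirect_uri: str, code: str, state: str) -> str:
    """OpenID Connect form_post: the parameters travel in the body of an
    auto-submitted HTML form, so the URL carries nothing sensitive."""
    fields = "".join(
        f'<input type="hidden" name="{escape(k)}" value="{escape(v)}"/>'
        for k, v in {"code": code, "state": state}.items())
    return (f'<html><body onload="document.forms[0].submit()">'
            f'<form method="post" action="{escape(redirect_uri)}">'
            f"{fields}</form></body></html>")

def leaked_params(url: str) -> set:
    """Names of sensitive parameters present in the query or fragment of
    a URL, i.e. the parts that end up in web-server logs, browser history
    and (depending on referrer policy) Referer headers."""
    parts = urlsplit(url)
    names = set(parse_qs(parts.query)) | set(parse_qs(parts.fragment))
    return names & SENSITIVE

def access_log_request_line(url: str) -> str:
    """The request line a typical web server records for a GET of this URL:
    the query string, code included, is written to the log verbatim."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f"GET {target} HTTP/1.1"

if __name__ == "__main__":
    cb, code, state = "https://client.example/cb", "CONSTRUCTED-CODE", "xyz"
    print(access_log_request_line(query_mode_response(cb, code, state)))
    print("leaked via GET:", leaked_params(query_mode_response(cb, code, state)))
    print("leaked via form_post:", leaked_params(cb))  # POST target URL only
```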
More Information

There might be more information for this subject on one of the following:

- OAuth 2.0