Summary of OAuth 2.0 draft 8 memo

4. Client Type and Profile
- Client types
  - Web Servers
  - User-Agents
  - Native Applications
  - Autonomous Clients
5. Web Server Profile
- Client Credential
  - Client ID
  - Client Secret
- Facebook
- Diff with OAuth 1.0a
  - No Request Token
(Diagram, characters: User-Agent, AuthZ Server, Web Client, Protected Resource)
7. User-Agent Profile
- Client on User-Agent
  - Twitter: @anywhere
  - Facebook: JavaScript-Based Authentication
- Client Credential
  - Client ID
- Access Token as URI Fragment Identifier
(Diagram, characters: User-Agent, AuthZ Server, Client in Browser, Protected Resource)
9. Native Applications
- External User-Agent: UA Profile
  - Use custom URI scheme
  - Polling UA window
- Embedded User-Agent
  - Check URL Redirection
- Prompt for user credential
  - ID/PW to Access Token
    - Username and Password Flow
10. Autonomous Clients
- Clients = Resource Owner
  - Client Credential Profile
- Existing Trust Relationship / Framework
  - Assertion Profile
11. Client credential
- Client credential
  - client identifier
  - client secret (optional)
- AuthN schemes
  - Request parameters
  - HTTP Basic authN
12. Endpoint
- End-user authZ endpoint: Indirect Communication
  - Obtaining End-User Authorization
- Token Endpoint: Direct Communication
  - Authorization Code to Access Token
  - Resource Owner Credentials to Access Token
  - Assertion to Access Token
  - Refresh Token
13. End-user authZ endpoint
- Request format
  - HTTP GET
- Request Params
  - type, client_id, redirect_uri, state, scope
  - Proposal to use request_url parameter
    - Request by Reference ver.1.0 for OAuth 2.0
14. End-user authZ endpoint
- Response format
  - type = web_server: query parameters
  - type = user_agent: URI fragment identifier
- Response params
  - type = web_server: code, state
  - type = user_agent: access_token, expires_in, state
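The request and response of slides 13 and 14 as an added example (not code from the slides or from the draft): it builds the HTTP GET to the end-user authZ endpoint for both front-channel profiles and parses the redirect that comes back, reading query parameters for type=web_server and the URI fragment for type=user_agent. The endpoint URL, the `error` parameter handling and all sample values are assumptions constructed for this example; the state check is the part a practitioner should not skip.

```python
# Added example (not from the slides): build the end-user authorization
# request for the two front-channel profiles of OAuth 2.0 draft 8 and parse
# the redirect that comes back. The endpoint URL and the sample values are
# placeholders constructed for this example.
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHZ_ENDPOINT = "https://authz.example.com/authorize"  # assumed URL
PROFILES = ("web_server", "user_agent")


def build_authz_request(type_, client_id, redirect_uri, scope=None, state=None):
    """Return (url, state) for an HTTP GET to the end-user authZ endpoint.

    `state` binds the eventual redirect to this request; a fresh random value
    is generated when the caller does not supply one.
    """
    if type_ not in PROFILES:
        raise ValueError("unknown profile type %r" % (type_,))
    state = state or secrets.token_urlsafe(16)
    params = {"type": type_, "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if scope:
        params["scope"] = scope
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state


def _single_valued(raw):
    """Parse a query/fragment string, rejecting repeated parameters."""
    out = {}
    for key, values in parse_qs(raw, keep_blank_values=True).items():
        if len(values) != 1:
            raise ValueError("parameter %r repeated" % key)
        out[key] = values[0]
    return out


def parse_authz_response(type_, redirected_url, expected_state):
    """Extract the response parameters from the redirect back to the client.

    web_server : parameters are query parameters (code, state); the client's
                 web server exchanges the code at the token endpoint.
    user_agent : parameters are in the URI fragment (access_token, expires_in,
                 state); browsers do not send the fragment to the redirect_uri
                 host, so only script running in the user-agent sees the token.
    """
    if type_ not in PROFILES:
        raise ValueError("unknown profile type %r" % (type_,))
    parts = urlsplit(redirected_url)
    params = _single_valued(parts.query if type_ == "web_server" else parts.fragment)
    # Check state before looking at anything else: a response that does not
    # carry our state was not produced for our request.
    if params.get("state") != expected_state:
        raise ValueError("state mismatch")
    if "error" in params:  # assumed error parameter, as in the draft series
        raise ValueError("authorization failed: " + params["error"])
    if type_ == "web_server":
        return {"code": params["code"]}
    result = {"access_token": params["access_token"]}
    if "expires_in" in params:
        result["expires_in"] = int(params["expires_in"])
    return result
```

The two parsers differ only in which part of the URL they read; the point of the fragment in the user_agent profile is that the access token never reaches the redirect_uri host's server logs.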
15. Token endpoint
- Request format
  - HTTP POST
- Request params
  - Client credential + Specific params
  - grant_type, scope
    - code, redirect_uri
    - username, password
    - assertion_type, assertion
    - refresh_token
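The token endpoint request of slide 15 together with the two client authN schemes of slide 11, as an added example (not code from the slides or from the draft): one builder produces the HTTP POST for each grant type, sends the client credential either as request parameters or as an HTTP Basic header, and rejects parameters that do not belong to the chosen grant. The endpoint URL, the JSON response parser and all values are assumptions constructed for this example; nothing is sent on the wire.

```python
# Added example (not from the slides): build an access token request to the
# draft 8 token endpoint for each grant type, with the client credential sent
# either as request parameters or as an HTTP Basic header, and parse the JSON
# response. The endpoint URL and all values are placeholders.
import base64
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://authz.example.com/token"  # assumed URL

# Grant-specific parameters per grant_type; anything else is rejected so a
# caller cannot, say, leak a password into an authorization_code request.
GRANT_PARAMS = {
    "authorization_code": ("code", "redirect_uri"),
    "password": ("username", "password"),
    "assertion": ("assertion_type", "assertion"),
    "refresh_token": ("refresh_token",),
}


def build_token_request(grant_type, client_id, client_secret=None,
                        scope=None, auth="params", **grant):
    """Return a dict describing the HTTP POST (method, url, headers, body)."""
    if grant_type not in GRANT_PARAMS:
        raise ValueError("unsupported grant_type %r" % (grant_type,))
    required = GRANT_PARAMS[grant_type]
    missing = [p for p in required if p not in grant]
    extra = [p for p in grant if p not in required]
    if missing or extra:
        raise ValueError("%s: missing %s, unexpected %s" % (grant_type, missing, extra))

    body = {"grant_type": grant_type}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth == "params":
        body["client_id"] = client_id
        if client_secret is not None:        # secret is optional (slide 11)
            body["client_secret"] = client_secret
    elif auth == "basic":
        if client_secret is None:
            raise ValueError("HTTP Basic authN needs a client secret")
        cred = "%s:%s" % (client_id, client_secret)
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    else:
        raise ValueError("auth must be 'params' or 'basic'")
    body.update(grant)
    if scope:
        body["scope"] = scope
    # Credentials travel in the body or the header, never in the URL.
    return {"method": "POST", "url": TOKEN_ENDPOINT,
            "headers": headers, "body": urlencode(body)}


def parse_token_response(text):
    """Parse the JSON token response; raise on an error response."""
    data = json.loads(text)
    if "error" in data:
        raise ValueError("token request failed: %s" % data["error"])
    if not data.get("access_token"):
        raise ValueError("response carries no access_token")
    token = {"access_token": data["access_token"]}
    for key in ("expires_in", "refresh_token", "scope"):
        if key in data:
            token[key] = data[key]
    return token
```

With `auth="basic"` the secret appears only in the Authorization header and the body carries just the grant, which keeps it out of any component that logs request bodies.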
17. Accessing a Protected Resource
- Params
  - Access Token
- Method
  - The Authorization Request Header Field
  - URI Query Parameter
  - Form-Encoded Body Parameter
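The three transport methods of slide 17 as an added example (not code from the slides or from the draft): the client side builds a request carrying the token in the Authorization header, in the URI query or in a form-encoded body, and a resource-server-side extractor accepts the token from exactly one of those places and rejects a request that presents it twice. The `OAuth` header scheme and `oauth_token` parameter name are taken from the draft 8 series; URLs, the request dict shape and token values are assumptions constructed for this example.

```python
# Added example (not from the slides): the three token-transport methods of
# draft 8 on the client side, and a resource-server-side extractor that
# accepts the token from exactly one place. Scheme and parameter names
# ("OAuth" header scheme, "oauth_token" parameter) follow the draft 8 text;
# URLs and token values are placeholders.
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


def with_token_header(token, url, method="GET"):
    """Preferred method: Authorization request header field."""
    return {"method": method, "url": url,
            "headers": {"Authorization": "OAuth " + token}, "body": None}


def with_token_query(token, url, method="GET"):
    """URI query parameter; the token ends up in logs and Referer headers."""
    parts = urlsplit(url)
    if "oauth_token" in parse_qs(parts.query):
        raise ValueError("url already carries oauth_token")
    query = parts.query + ("&" if parts.query else "") + urlencode({"oauth_token": token})
    return {"method": method, "url": urlunsplit(parts._replace(query=query)),
            "headers": {}, "body": None}


def with_token_body(token, url, form):
    """Form-encoded body parameter; only for POST with form content."""
    if "oauth_token" in form:
        raise ValueError("form already carries oauth_token")
    data = dict(form)
    data["oauth_token"] = token
    return {"method": "POST", "url": url,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(data)}


def extract_token(req):
    """Resource-server side: return the token, or None if absent.

    A request that presents a token in more than one place (or the same
    parameter twice) is rejected rather than resolved by precedence, so a
    second token cannot be smuggled past a check that looked at only one
    location.
    """
    found = []
    scheme, _, credential = req["headers"].get("Authorization", "").partition(" ")
    if scheme.lower() == "oauth" and credential.strip():
        found.append(credential.strip())
    found += parse_qs(urlsplit(req["url"]).query).get("oauth_token", [])
    ctype = req["headers"].get("Content-Type", "")
    if req.get("body") and ctype.startswith("application/x-www-form-urlencoded"):
        found += parse_qs(req["body"]).get("oauth_token", [])
    if not found:
        return None
    if len(found) > 1:
        raise ValueError("access token presented in more than one place")
    return found[0]
```

The header method is the one to use by default: the query form leaves the token in access logs and Referer headers, and the body form only works for form POSTs.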
19. Username and Password Profile
- Like Twitter xAuth
(Diagram, characters: End-User, AuthZ Server, Client, Protected Resource)
20. Client Credentials Profile
- Like OAuth Consumer Request (2-legged OAuth Request)
(Diagram, characters: AuthZ Server, Client, Protected Resource)
21. Assertion Profile
- SAML etc.
(Diagram, characters: AuthZ Server, Client, Protected Resource)