Contents tagged with OAuth 2.0
today I want to write a few words about security tokens in OAuth2.
So, first of all I'd like to point that security tokens wasn't needed for corporate world. When I say corporate world, I mean networks like B2B, or B2E or something, that has strong system administration army.
But if you need to provide B2C or something like this than you'll need tokens.
As usually tokens has following features:
Security tokens are protected data structures
Also not prescribed in OAuth2 but quite often security tokens implemented as JSON web tokens
has information about producer and topic ( claims )
signed ( has some kind of identity proof )
as usually contain expiry date time … more
today I want to describe for main components of OAuth 2, which should be implemented by any framework which claims to be programmer friendsly implementation of OAuth 2.
We will start from left botton box, or from user. So, user as usually is something or more precise somebody who initiate actions on UI. Something can also be selenium web driver implementation or something similar.
Next goes client. Or if to add another key word client application. There are plenty of them: angularjs app, iOs app, iPhone app, Android app, Xamarin app, etc.
Authorization server is intended to be somebody, who generates tokes for each separate user. Token will consist information about … more
today I want to write few words about OAuth2.
So, one of the defintions of OAuth2 is the following:
OAuth 2.0 is an open protocol to allow secure authorization in a simple and standard method from web and desktop applications.
It has two important parts:
Authorization. It's not just about who is client, but what client is allowed to do.
Client platform: web, mobile, desktop app
So, OAuth 2.0 is protocol which defines permission of server, and give those permissions for any kind of platform.