  • Defining OAuth2

    Hello everybody,

    Today I want to write a few words about OAuth2.

    So, one of the definitions of OAuth2 is the following:

    OAuth 2.0 is an open protocol to allow secure authorization in a simple and standard method from web and desktop applications.

    It has two important parts:

    Authorization. It's not just about who the client is, but what the client is allowed to do.

    Client platform: web, mobile, desktop app

    So, OAuth 2.0 is a protocol that defines permissions on a server and gives those permissions to any kind of platform.


  • What is token in Claims-Based Identity

    Hello everybody,

    Today I want to write a few words about what a token is.

    Put very simply, a token is a set of bytes that expresses information about some subject (usually a user).

    This information consists of one or more claims. Each claim contains information about the subject.

    The general structure of a token is like this:

    And now a few words about purpose. If a user wants to use some system, he needs to get a security token (a set of bytes) from some authority. After getting the token, the user uses it to get access to the system.

    The system itself looks at the claims and at the signature and, depending on the claims, either gives permission for some activity or not. The signature in the token indicates … more
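
The flow described in this post (an authority issues a token, the system checks the signature and then the claims), as an added example that is not from the original post. It assumes a JSON claim set signed with HMAC-SHA256 under a key shared by the authority and the system; the key, the claim names (`sub`, `roles`) and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

AUTHORITY_KEY = b"constructed-demo-key"  # constructed; shared by authority and system


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(claims: dict, key: bytes = AUTHORITY_KEY) -> str:
    """Authority side: serialize the claims and sign the resulting bytes."""
    body = json.dumps(claims, sort_keys=True).encode("utf-8")
    signature = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(signature)


def verify_token(token: str, key: bytes = AUTHORITY_KEY):
    """System side: return the claims if the signature is valid, else None."""
    try:
        body_part, sig_part = token.split(".")
        body = base64.urlsafe_b64decode(body_part)
        signature = base64.urlsafe_b64decode(sig_part)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison; claims are parsed only after this passes.
    if not hmac.compare_digest(signature, expected):
        return None
    return json.loads(body)


def is_allowed(token: str, required_role: str) -> bool:
    """Authorize an activity from the claims of a verified token."""
    claims = verify_token(token)
    return claims is not None and required_role in claims.get("roles", [])


def tamper(token: str, new_claims: dict) -> str:
    """Constructed misuse case: replace the claims but keep the old signature."""
    body = json.dumps(new_claims, sort_keys=True).encode("utf-8")
    return b64(body) + "." + token.split(".")[1]


if __name__ == "__main__":
    token = issue_token({"sub": "alice", "roles": ["reader"]})
    forged = tamper(token, {"sub": "alice", "roles": ["admin"]})
    print(is_allowed(token, "reader"), is_allowed(token, "admin"), verify_token(forged))
```

Because the signature is checked before any claim is read, a token whose claims were edited after issuance is rejected as a whole rather than evaluated.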