Difference between revisions of "Authorization Request"
From MgmtWiki
(→Problems) |
|||
| Line 8: | Line 8: | ||
==Problems== | ==Problems== | ||
There are multiple limitations that have been discovered with [[OAuth 2.,0]] since it was created. | There are multiple limitations that have been discovered with [[OAuth 2.,0]] since it was created. | ||
| − | # The number of services involved in an | + | # The number of services involved in an [[Authorization Request]] were |
# | # | ||
# | # | ||
| Line 16: | Line 16: | ||
===PAR=== | ===PAR=== | ||
| − | + | [[Authorization Request]] | |
===RAR=== | ===RAR=== | ||
| − | + | Rich [[Authorization Request]] brings more | |
===JAR=== | ===JAR=== | ||
| − | + | [[Authorization Request]] | |
==References== | ==References== | ||
Revision as of 09:20, 25 March 2021
Full Title or Meme
Simply put the Authorization Request is sent from one service to another to request for access to a protected resource.
Context
- In the context of Identity Management the Authorization Request is sent by the Relying Party (RP) to an Authorization Endpoint to acquire sufficient information about the user to establish an authenticated communication session.
- The Authorization Request was formally described in OAuth 2.0 to be a collection of query parameters to be added to a URL for exmaple /Auhtorize?parm1=value1& other clam ins as appropriate.
Problems
There are multiple limitations that have been discovered with OAuth 2.,0 since it was created.
- The number of services involved in an Authorization Request were
Solutions
- A series of RFCs on extensions to the Authorization Request were developed during 2020. These are well describe in a presentation for Auth0.
PAR
Authorization Request
RAR
Rich Authorization Request brings more
JAR
Authorization Request
