Difference between revisions of "OAuth 2.0"
From MgmtWiki
(→References) |
(→Problems) |
||
Line 7: | Line 7: | ||
==Problems== | ==Problems== | ||
* OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices.<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref> | * OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices.<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref> | ||
+ | * It is still just a collection of parts that can be configured in a wide variety of combinations. | ||
==Solutions== | ==Solutions== |
Revision as of 10:33, 30 July 2018
Full Title or Meme
The OAuth 2.0 Authorization Framework
Context
In OAuth 2.0
Problems
- OAuth 2.0 still depends on shared secrets between services on Web Sites and other internet devices.[1]
- It is still just a collection of parts that can be configured in a wide variety of combinations.
Solutions
References
- RFC 6749 The OAuth 2.0 Authorization Framework specification
- RFC 8252 OAuth 2.0 for Native Apps Specification