OAuth 2.0

From MgmtWiki
Revision as of 10:40, 30 July 2018 by Tom (talk | contribs) (Problems)

Jump to: navigation, search

Full Title or Meme

The OAuth 2.0 Authorization Framework

Context

In OAuth 2.0

Problems

  • OAuth 2.0 still depends on shared secrets between services on Web Sites and other internet devices;[1] while most sites are protected by public keys and certificates, at least until quantum computing arrives.
  • It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.

Solutions

References

  1. RFC 6749 The OAuth 2.0 Authorization Framework specification
  2. RFC 8252 OAuth 2.0 for Native Apps Specification
    1. Justin Richer, What's Wrong With OAuth 2? https://twitter.com/justin__richer/status/1023738139200778240