Difference between revisions of "Authorization Code"
From MgmtWiki
(→Full Title or Meme) |
(→Solutions) |
||
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
| − | Information passed from an [[Identifier or Attribute Provider]] to a [[Relying Party]] to indicate that the [[user]] has consented to authorized access to [[User Information] | + | Information passed from an [[Identifier or Attribute Provider]] to a [[Relying Party]] to indicate that the [[user]] has consented to authorized access to [[User Information]]. |
==Context== | ==Context== | ||
| Line 6: | Line 6: | ||
==Problems== | ==Problems== | ||
| + | Provide access to [[User Information]] in order to enable the [[user]] to obtain the access desired to some internet [[Resource]]. | ||
==Solutions== | ==Solutions== | ||
| + | Based on a protocol selection of [[OpenID Connect]] or [[OAuth 2.0]], the full solution is described in the [[Identity Model]]. | ||
| + | |||
| + | This is the definition in RFC 6749 ''The OAuth 2.0 Authorization Framework''. In this case the ''authorization server'' is one end point in the [[Identifier or Attribute Provider]]. | ||
| + | |||
| + | The authorization code is obtained by using an authorization server | ||
| + | as an intermediary between the client and resource owner. Instead of | ||
| + | requesting authorization directly from the resource owner, the client | ||
| + | directs the resource owner to an authorization server (via its | ||
| + | [[User Agent]] as defined in [RFC 2616]), which in turn directs the | ||
| + | resource owner back to the client with the authorization code. | ||
| + | |||
| + | Other protocols, like [[SAML 2.0]] are also available. | ||
==References== | ==References== | ||
| Line 13: | Line 26: | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
| + | [[Category:Authorization]] | ||
Latest revision as of 20:45, 31 August 2018
Full Title or Meme
Information passed from an Identifier or Attribute Provider to a Relying Party to indicate that the user has consented to authorized access to User Information.
Context
The context is an internet flow of Authorization as consented by the User.
Problems
Provide access to User Information in order to enable the user to obtain the access desired to some internet Resource.
Solutions
Based on a protocol selection of OpenID Connect or OAuth 2.0, the full solution is described in the Identity Model.
This is the definition in RFC 6749 The OAuth 2.0 Authorization Framework. In this case the authorization server is one end point in the Identifier or Attribute Provider.
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its User Agent as defined in [RFC 2616]), which in turn directs the resource owner back to the client with the authorization code.
Other protocols, like SAML 2.0 are also available.
