Difference between revisions of "Authorization Code"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(Solutions)
Line 17: Line 17:
 
   requesting authorization directly from the resource owner, the client
 
   requesting authorization directly from the resource owner, the client
 
   directs the resource owner to an authorization server (via its
 
   directs the resource owner to an authorization server (via its
   [[User Agent]] as defined in [RFC2616]), which in turn directs the
+
   [[User Agent]] as defined in [RFC 2616]), which in turn directs the
 
   resource owner back to the client with the authorization code.
 
   resource owner back to the client with the authorization code.
  

Revision as of 13:01, 8 July 2018

Full Title or Meme

Information passed from an Identifier or Attribute Provider to a Relying Party to indicate that the user has consented to authorized access to User Information.

Context

The context is an internet flow of Authorization as consented by the User.

Problems

Provide access to User Information in order to enable the user to obtain the access desired to some internet Resource.

Solutions

Based on the protocol selection of OpenID Connect or OAuth, the full solution is described in the Identity Model.

This is the definition in RFC 6749 The OAuth 2.0 Authorization Framework.

  The authorization code is obtained by using an authorization server
  as an intermediary between the client and resource owner.  Instead of
  requesting authorization directly from the resource owner, the client
  directs the resource owner to an authorization server (via its
  User Agent as defined in [RFC 2616]), which in turn directs the
  resource owner back to the client with the authorization code.

Other protocols, like SAML are also available.

References