Difference between revisions of "Grant"

From MgmtWiki
Revision as of 11:30, 2 October 2018

Full Title or Meme

An Authorization Grant is a specific structure that records the authorization some entity on the internet has been given to access a Resource, and that the entity presents (or exchanges for a token) to exercise that access.

Context

In OAuth 2.0 (RFC 6749, section 1.3) an authorization grant is defined as:

An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types -- authorization code, implicit, resource owner password credentials, and client credentials -- as well as an extensibility mechanism for defining additional types.

Later usage extended the grant types to cover authorization for users to get access to Resources, as well as User Consent for a Relying Party to access User Information.

Problems

Once an Authorization Grant has been exchanged for a Bearer Token, there is no practical way to Revoke it. A resource server accepts any bearer token that carries a valid signature and has not yet expired, and nothing in that check tells it that the underlying grant has been withdrawn. The Authorization Server can record the token as revoked (RFC 7009), but that only helps a resource server that goes back and asks, for example by token introspection (RFC 7662), which gives up the statelessness that made the bearer token attractive in the first place.

Solutions

  1. Give Authorization Grants a short life time, like 5 to 10 minutes, so that a leaked or withdrawn grant can only be used until it expires. This could create problems for long running interactions with a Subject; in OAuth 2.0 the usual pairing is a short-lived access token with a Refresh Token, because the refresh exchange goes back to the Authorization Server, which can refuse it once the grant has been revoked.
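The following is an added example, not code from MgmtWiki or from the OAuth 2.0 specification, that shows the Problem and the Solution above in working form. It mints a minimal HS256-signed JWT (a common shape for a self-contained Bearer Token) with a 10 minute lifetime and then checks it the way a resource server would. The stateless check keeps accepting the token after the grant has been withdrawn; the only ways to stop that are the short expiry or a per-request revocation lookup (here a constructed denylist keyed on the `jti` claim), which is the state that bearer tokens were meant to avoid. The key, subject, timestamps and `jti` values are constructed for the demonstration, and `issue_token`, `verify_token` and `demo` are names chosen here, not names from the page.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, lifetime_s: int, now: int, jti: str) -> str:
    """Mint a compact HS256 JWT valid during [now, now + lifetime_s).

    A short lifetime is the page's Solution 1: it bounds how long the bearer
    token can be used after the grant behind it has been withdrawn.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": now, "exp": now + lifetime_s, "jti": jti}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(key: bytes, token: str, now: int,
                 revoked_jtis=frozenset(), skew_s: int = 0) -> Optional[dict]:
    """Return the claims if the token is authentic and unexpired, else None.

    With an empty `revoked_jtis` this is a purely stateless check: every
    resource server holding `key` keeps accepting the token until `exp`,
    which is the Problem described on the page. Supplying a denylist makes
    revocation work, at the price of a state lookup on every request.
    """
    try:
        h, c, s = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, (h + "." + c).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's own choice
        return None
    claims = json.loads(_b64url_decode(c))
    if now >= claims["exp"] + skew_s:
        return None
    if claims.get("jti") in revoked_jtis:
        return None
    return claims


def demo() -> dict:
    """Constructed scenario: a 10 minute grant for 'alice' that is later withdrawn."""
    key = b"constructed-demo-key-not-for-production"  # in practice a per-issuer key from a KMS
    t0 = 1_700_000_000                                # constructed issue time (Unix seconds)
    tok = issue_token(key, "alice", 600, t0, "grant-0001")

    # An attacker who swaps the subject but keeps the old signature is refused.
    h, _, s = tok.split(".")
    forged_claims = {"sub": "mallory", "iat": t0, "exp": t0 + 600, "jti": "grant-0001"}
    forged = h + "." + _b64url(json.dumps(forged_claims, separators=(",", ":")).encode()) + "." + s

    return {
        "valid_at_5min": verify_token(key, tok, t0 + 300) is not None,
        "expired_at_10min": verify_token(key, tok, t0 + 600) is None,
        # The grant was withdrawn, but the stateless check cannot know that.
        "still_accepted_after_revocation_without_state": verify_token(key, tok, t0 + 300) is not None,
        # Only a per-request lookup against revocation state stops it early.
        "rejected_with_denylist": verify_token(key, tok, t0 + 300, revoked_jtis={"grant-0001"}) is None,
        "forged_subject_rejected": verify_token(key, forged, t0 + 300) is None,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Every entry `demo()` returns is `True`. The point to take from it is the middle pair: the same token is still accepted at five minutes with no denylist and refused only when the resource server consults revocation state, so the lifetime chosen in `issue_token` is the one control that works without that state.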

References