Difference between revisions of "Grant"
From MgmtWiki
Revision as of 11:30, 2 October 2018
Full Title or Meme
An Authorization Grant is a specific structure that gives some entity on the internet authorization to access a Resource.
Context
In OAuth 2.0 an authorization grant is defined as:
An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types -- authorization code, implicit, resource owner password credentials, and client credentials -- as well as an extensibility mechanism for defining additional types.
Later usage has extended the grant types to cover both authorization for users to get access to Resources and User Consent for a Relying Party to access User Information.
Problems
Once an Authorization Grant has been issued as a Bearer Token there is no practical way to Revoke it. A Bearer Token is accepted on presentation alone, so a revocation at the issuer only takes effect if every Resource Server checks each token against the issuer (for example by introspection) or against a deny list before honoring it, which defeats the purpose of a self-contained token.
Solutions
- Give Authorization Grants a short life time, like 5 to 10 minutes, so that an un-revocable token is only dangerous for that window. This could create problems for long running interactions with a Subject, which then need a fresh grant every few minutes.
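The following Python is an added example, not code from MgmtWiki or from any OAuth 2.0 implementation. It models a hypothetical issuer and a hypothetical Resource Server sharing a constructed HMAC key (ISSUER_KEY is an assumption). It shows the two points above together: a self-contained Bearer Token is accepted on signature and expiry alone, so "revoking" it at the issuer changes nothing unless the Resource Server consults a deny list, while a 10 minute lifetime makes the token reject itself after the window.

```python
"""
Added example (not from the page): a self-contained Bearer Token that a
hypothetical Resource Server validates locally. Demonstrates why revocation
of such a token is impractical and how a short lifetime bounds the exposure.
"""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional, Set

# Constructed secret shared by the issuer and the Resource Server (assumption).
ISSUER_KEY = b"example-issuer-key-do-not-use"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as used for compact tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scope: str, now: float, lifetime_s: int = 600) -> str:
    """Issuer side: mint a signed token valid for lifetime_s seconds.
    The default of 600 s is the 10 minute lifetime the page proposes."""
    claims = {"sub": subject, "scope": scope, "iat": int(now), "exp": int(now) + lifetime_s}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def validate_token(token: str, now: float, revoked: Optional[Set[str]] = None) -> Optional[Dict]:
    """Resource Server side: return the claims if the token is acceptable, else None.
    Signature and expiry are checked purely locally. Revocation is honored only
    when the Resource Server has been given a deny list and the token is on it;
    without that list a revoked token is indistinguishable from a live one."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(tag), expected):
        return None
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return None
    if revoked is not None and token in revoked:
        return None
    return claims


def revocation_demo(now: float) -> Dict[str, bool]:
    """Walk through the problem and the mitigation on one token."""
    token = issue_token("alice", "read", now, lifetime_s=600)
    issuer_deny_list = {token}  # the issuer "revokes" the token one minute later
    return {
        # Problem: a Resource Server that validates locally still accepts it.
        "accepted_without_denylist": validate_token(token, now + 60) is not None,
        # Revocation only works if the deny list reaches the Resource Server.
        "rejected_with_denylist": validate_token(token, now + 60, issuer_deny_list) is None,
        # Mitigation: the short lifetime ends the exposure on its own.
        "rejected_after_lifetime": validate_token(token, now + 601) is None,
    }


if __name__ == "__main__":
    import time
    for check, ok in revocation_demo(time.time()).items():
        print(f"{check}: {ok}")
```

The deny list here stands in for whatever mechanism (token introspection, a shared cache, a pushed revocation list) would carry the issuer's decision to every Resource Server; the point of the demo is that the Resource Server must be changed to consult it, which is the impractical part. A long running interaction with a Subject would have to obtain a new token before each 10 minute window ends.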