Difference between revisions of "OAuth 2.0"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Problems)
Line 7: Line 7:
 
==Problems==
 
==Problems==
 
* OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices.<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref>
 
* OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices.<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref>
* It is still just a collection of parts that can be configured in a wide variety of combinations.
+
* It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.
  
 
==Solutions==
 
==Solutions==

Revision as of 10:34, 30 July 2018

Full Title or Meme

The OAuth 2.0 Authorization Framework

Context

In OAuth 2.0

Problems

  • OAuth 2.0 still depends on shared secrets between services on Web Sites and other internet devices.[1]
  • It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.

Solutions

References

  1. RFC 6749 The OAuth 2.0 Authorization Framework specification
  2. RFC 8252 OAuth 2.0 for Native Apps Specification
    1. Justin Richer, What's Wrong With OAuth 2? https://twitter.com/justin__richer/status/1023738139200778240