Difference between revisions of "OAuth 2.0"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Problems)
Line 6: Line 6:
  
 
==Problems==
 
==Problems==
* OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices.<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref> While most sites are protected by public key certificates, at least until quantum computing arrives.
+
* OAuth 2.0 still depends on shared secrets between services on [[Web Site]]s and other internet devices;<ref>Justin Richer, ''What's Wrong With OAuth 2?'' https://twitter.com/justin__richer/status/1023738139200778240</ref> while most sites are protected by public key certificates, at least until quantum computing arrives.
 
* It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.
 
* It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.
  

Revision as of 11:39, 30 July 2018

Full Title or Meme

The OAuth 2.0 Authorization Framework

Context

In OAuth 2.0

Problems

  • OAuth 2.0 still depends on shared secrets between services on Web Sites and other internet devices;[1] while most sites are protected by public key certificates, at least until quantum computing arrives.
  • It is still just a collection of parts that can be configured in a wide variety of combinations; most of which are not particularly secure.

Solutions

References

  1. RFC 6749 The OAuth 2.0 Authorization Framework specification
  2. RFC 8252 OAuth 2.0 for Native Apps Specification
    1. Justin Richer, What's Wrong With OAuth 2? https://twitter.com/justin__richer/status/1023738139200778240
    Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=OAuth_2.0&oldid=1619"