ict.ken.be

Delivering solid user friendly software solutions since the dawn of time.

OAuth 2.0 Vocabulary

Categories: Security

by Ryan Boyd

Why not username & password?

  • Trust
  • Decreased user sensitivity to phising
  • Expand access & risk
  • Limited reliability
  • Revocation challenges
  • Passwords become required
  • Difficulty implementing stronger authentication

Authentication & Authorization

  • Authentication: verify the identity of the user
  • Federated Authentication: rely on other services to do the authentication (openID connect on top of OAuth 2.0)
  • Authorization: right to perform some action
  • Delegated authorization: granting access to another person or application to perform actions on your behalf

Roles

  • Resource server: server containing the protected data
  • Resource owner: user that has ability to grant access to the server
  • Client: application making api requests to perform actions on server
  • Authorization server: gets consent from resource owner and issues access tokens to clients for accessing protected resources