Re: Limitations of the OAuth 2.0 definition of “Client”
Thomas Hardjono has a very good blog entry <<Limitations of the OAuth 2.0 definition of “Client”>>. The essence of the entry is that the definition of…
Category: OAuth
Hyperlinked OAuth
I just published a new I-D on the hyperlinked OAuth that I talked about at IETF 85. Since it was pointed out that the “_links” member…
[OAuth] Resource Owner != Client User
I have been preaching this numerous times, but let me do it once more. There seems to be a very common misperception that in OAuth…
Registered Token Profile for OAuth 2.0
So, the ID Token in OpenID Connect is audience restricted to the client while the OAuth bearer access token is audience restricted to the protected resource.…
OpenID Connect Stripped down to just “Authentication” (aka OAuth Authentication)
So, OpenID Connect provides a lot of advanced facilities to fulfill so many additional features requested by the member community. It indeed is full of…