Objectives
OAuth2
OpenID Connect
Tokens (access, ID / bearer, JWT)
https://tools.ietf.org/html/rfc6749 - OAuth2
http://openid.net/specs/openid-connect-core-1_0.html - OpenID Connect
OAuth2
Resource Server
the server hosting the protected resources
this is the API you want to access
Authorization Server
the server that authenticates the Resource Owner
issues access tokens after obtaining proper authorization
OpenID Connect
new emerging standard for single sign-on and identity provision on the internet
formula for success:
simple JSON-based identity tokens (JWT),
delivered via the OAuth 2.0 protocol
Supports:
web
browser-based
native / mobile apps
JSON Web Token
https://tools.ietf.org/html/rfc7519
Claim
a piece of information about the subject
a pair: claim name : claim value
JWT structure
Header
type
signature algorithm
Set of claims (payload)
Signature (over header and claims)
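As an added worked example (not part of the slides): a minimal HS256 JWT issue-and-verify pair in plain Python, showing the header / set of claims / signature structure described above. The key, claim values and audience name are constructed for the demo; verify_jwt returns the claims when the token is acceptable for the given audience at time `now`, and otherwise raises ValueError, pinning the algorithm on the verifier side rather than trusting the header.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key and claim set (not from the slides); a real key comes from the Authorization Server
DEMO_KEY = b"constructed-demo-secret-key"
DEMO_CLAIMS = {"iss": "https://as.example", "sub": "alice", "aud": "api.example", "exp": 1_800_000_000}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()  # base64url, no '=' padding

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_jwt(claims: dict, key: bytes) -> str:
    # header (type + signature algorithm) . set of claims . signature, signed with HS256
    header = {"typ": "JWT", "alg": "HS256"}
    segments = [_b64url(json.dumps(part, separators=(",", ":")).encode())
                for part in (header, claims)]
    signing_input = ".".join(segments)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, key: bytes, audience: str, now: int) -> dict:
    try:
        h64, c64, s64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_unb64url(h64))
    # Pin the algorithm on the verifier side: the header's "alg" is untrusted input
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s64)):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(c64))
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    return claims

def check(token: str, key: bytes, audience: str, now: int) -> str:
    # "ok" or the rejection reason, for callers that only need a verdict
    try:
        verify_jwt(token, key, audience, now)
        return "ok"
    except ValueError as err:
        return str(err)
```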
Implicit Flow (sequence diagram; recoverable steps)
Authorization Request -> Authenticate (credentials + consent) -> resource
Authorization Code Flow (browser)
Authorization Request -> Server returns authorization_code -> Exchange(authorization_code) -> id_token, access_token -> resource
Resource Owner Password Grant
Authorization Request -> Authenticate -> access token -> resource
Client Credentials
Client credentials -> access token -> validate tokens -> resource
Decision (flowchart)
Client == Resource Owner? YES -> Client Credentials
NO
Client absolutely trusted to handle user credentials? YES -> Resource Owner Password Grant
NO