Enterprise OAuth2 and OpenID Connect
1. Federated user
A single user identity, managed by one identity provider, is used by all the applications instead of each application keeping its own accounts and passwords.
2. SAML flow
3. What is OAuth2
4. Opaque token
The token is a random reference with no meaning of its own, so the resource server must ask the authorization server (token introspection) to validate it on every request.
5. JWT token
The resource server can verify the signed JWT by itself using the authorization server's public signing key; no call back to the authorization server is needed per request.
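To make the opaque-versus-JWT difference concrete, here is an added example (not code from the original post) simulating both token styles in one process: an authorization server that issues opaque tokens resolvable only through its introspection endpoint, and JWTs that a resource server validates locally. The signing uses HMAC (HS256) with a constructed demo key so the block runs on the standard library alone; in production the authorization server signs with a private key (RS256/ES256) and resource servers fetch only the public key, so they can verify but never mint tokens. Issuer, audience and key values are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values (assumptions, not from the post). In production the
# resource server holds only the authorization server's PUBLIC key (JWKS).
SIGNING_KEY = b"demo-signing-key-not-for-production"
ISSUER = "https://auth.example.test"
AUDIENCE = "https://api.example.test"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class AuthorizationServer:
    """Issues either opaque tokens (looked up by reference) or signed JWTs."""

    def __init__(self):
        self._opaque = {}  # token string -> claims; only the AS can resolve these

    def issue_opaque(self, subject, scope, ttl=300, now=None):
        now = now or int(time.time())
        token = secrets.token_urlsafe(32)  # random reference, carries no data
        self._opaque[token] = {"active": True, "sub": subject, "scope": scope, "exp": now + ttl}
        return token

    def introspect(self, token, now=None):
        # RFC 7662-style introspection: the resource server must call this on
        # every request, because the token string alone tells it nothing.
        now = now or int(time.time())
        claims = self._opaque.get(token)
        if claims is None or claims["exp"] <= now:
            return {"active": False}
        return dict(claims)

    def issue_jwt(self, subject, scope, ttl=300, now=None):
        now = now or int(time.time())
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
                   "scope": scope, "iat": now, "exp": now + ttl}
        signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                         + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
        sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)


def verify_jwt_locally(token, key=SIGNING_KEY, now=None):
    """Resource-server side: check signature and claims with no network call.

    Returns the verified claims, or None if the token must be rejected.
    """
    now = now or int(time.time())
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # Pin the expected algorithm instead of trusting "alg" from the token:
    # this rejects alg=none and algorithm-confusion tricks.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("iss") != ISSUER or payload.get("aud") != AUDIENCE:
        return None
    if payload.get("exp", 0) <= now:
        return None
    return payload
```

The resource server in this model makes one network round trip per request for opaque tokens and none for JWTs; the price of the JWT is that it cannot be revoked before `exp` without extra machinery, which is why short lifetimes matter.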
6. Grant type - Authorization code
The auth code is returned on the front channel (the browser redirect), but it expires within a few minutes and is single-use; the access token is returned on the back channel (server-to-server call to the token endpoint), so it never passes through the browser.
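The front-channel/back-channel split described above, as an added example that is not part of the original post: a minimal authorization server whose authorize step hands the browser a short-lived code in a redirect, and whose token step exchanges that code for an access token only after authenticating the client with its secret, binding the code to the client and redirect URI, and marking it used. The client registration (`shutterfly-web`, its secret and callback URL) and the code lifetime are constructed values.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL = 120  # seconds; the code is visible in the browser, so keep it short-lived

# Constructed client registration (hypothetical values, not from the post).
CLIENTS = {
    "shutterfly-web": {
        "secret": "s3cr3t-known-only-to-the-backend",
        "redirect_uris": {"https://app.example.test/callback"},
    }
}


class AuthorizationServer:
    def __init__(self):
        self._codes = {}   # code -> issuance record
        self._tokens = {}  # access token -> subject

    def authorize(self, client_id, redirect_uri, state, user, now=None):
        """Front channel: after the user logs in, redirect the browser back with a code."""
        now = now or int(time.time())
        client = CLIENTS.get(client_id)
        # Only pre-registered redirect URIs: stops the code being sent to an attacker's site.
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                             "sub": user, "exp": now + CODE_TTL, "used": False}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Back channel: server-to-server exchange, authenticated with the client secret."""
        now = now or int(time.time())
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        rec = self._codes.get(code)
        if rec is None or rec["used"] or rec["exp"] <= now:
            return {"error": "invalid_grant"}
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}
        rec["used"] = True  # single use: a replayed (stolen) code fails from now on
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = rec["sub"]
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}

    def subject_for(self, access_token):
        return self._tokens.get(access_token)


def code_from_redirect(redirect_url):
    """What the client's callback handler does: pull code and state out of the redirect."""
    params = parse_qs(urlparse(redirect_url).query)
    return params["code"][0], params["state"][0]


def run_flow(auth, now=None):
    """Walk one authorization-code exchange end to end and return the token response."""
    client_id = "shutterfly-web"
    callback = "https://app.example.test/callback"
    state = secrets.token_urlsafe(16)
    redirect = auth.authorize(client_id, callback, state, "alice", now=now)
    code, returned_state = code_from_redirect(redirect)
    if returned_state != state:  # CSRF check on the callback
        return {"error": "state_mismatch"}
    return auth.token(client_id, CLIENTS[client_id]["secret"], code, callback, now=now)
```

Everything in `token()` runs between the client's backend and the authorization server, which is why the client secret and the access token never appear in the browser. A production deployment adds PKCE (RFC 7636) so that a code intercepted on the front channel is useless without the verifier the client kept.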
7. Grant type - Implicit
Returns the access token directly on the front channel (in the redirect URL), where it can be stolen from browser history, logs or referrers; deprecated.
8. Grant type - Client credentials
9. Grant type - Resource Owner Password Credential
Deprecated. The user's password is exposed to the client application, so it is only acceptable when the client application and the resource server belong to the same organization; a third-party client cannot use this grant type. For example, Shutterfly could not use it to access a user's account at another provider.
10. OpenID