
Transfer Protocol (HTTP/1.1): Authentication", Work RFC 6750 OAuth 2.0 Bearer Token Usage October 2012 7.2. Recommendation REC-webarch-20041215, December 2004, Web, Volume One", World Wide Web Consortium | |-(A)- Authorization Request ->| Resource | This abstraction enables issuing access tokens valid for a short time period, as well as removing the resource server's need to understand a wide range of The access token provides an abstraction, replacing different authorization constructs (e.g., username and password, assertion) for a single token understood by the resource server. Obtain an access token without having to first obtain an authorization grant from a resource owner. In some cases, a client can directly present its own credentials to an authorization server to The client accesses the protected resource by presenting the access token to the resource server. Scope, duration, and other attributes granted by the authorization Grant from the resource owner and then exchange the authorization In the general case, before a client can access a protected resource, it must first obtain an authorization OAuth provides a method for clients to access a protected resource on behalf of a resource owner. Require a bearer to prove possession of cryptographic key material All other terms are as defined in "The OAuth 2.0 Authorization The token (a "bearer") can use the token in any way that any other Unless otherwise noted, all the protocol parameter names and values A security token with the property that any party in possession of Resource Identifier (URI): Generic Syntax" : URI-reference.
HTTP/1.1 : auth-param and auth-scheme and from "Uniform Additionally, the following rules are included from This document uses the Augmented Backus-Naur Form (ABNF) notation of "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in "Key words for use in The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", HTTP headers but does not preclude its use for proxy authentication. Server authentication using the WWW-Authenticate and Authorization The Bearer authentication scheme is intended primarily for General HTTP authorization method that can be used with bearer tokens from any source to access any resources protected by those bearer

OAuth protected resources, this specification actually defines a Resulting from OAuth 2.0 authorization flows to access While designed for use with access tokens Specification other specifications may extend this specification for

TLS is mandatory to implement and use with this

using Transport Layer Security (TLS) to access This specification defines the use of bearer tokens over HTTP/1.1 The OAuth access token is a bearer token.
Specification describes how to make protected resource requests when The client uses the access token to access the protected resources hosted by the resource server. Tokens are issued to clients by an authorization server with the approval of the resource owner. OAuth enables clients to access protected resources by obtaining an access token, which is defined in "The OAuth 2.0 Authorization Framework" as "a string representing an access authorization issued to the client", rather than using the resource 1. The Trust Legal Provisions and are provided without warranty as
Include Simplified BSD License text as described in Section 4.e of
Code Components extracted from this document must Please review these documents carefully, as they describe your rights and restrictions with respect This document is subject to BCP 78 and the IETF Trust's Legal Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at Copyright (c) 2012 IETF Trust and the persons identified as the Internet Standards is available in Section 2 of RFC 5741. Internet Engineering Steering Group (IESG). Received public review and has been approved for publication by the It represents the consensus of the IETF community. This document is a product of the Internet Engineering Task Force This is an Internet Standards Track document. Protected from disclosure in storage and in transport. To prevent misuse, bearer tokens need to be The associated resources (without demonstrating possession of a cryptographic key). Possession of a bearer token (a "bearer") can use it to get access to Requests to access OAuth 2.0 protected resources. This specification describes how to use bearer tokens in HTTP The OAuth 2.0 Authorization Framework: Bearer Token Usage

Updated by: 8996 Errata Exist Internet Engineering Task Force (IETF) M. RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
