Two-legged and three-legged OAuth flow
Two-legged OAuth processing involves three parties: the OAuth client, the authorization server, and the resource server. The OAuth client is either the resource owner itself or a trusted entity that holds the resource owner's credentials. In other words, two-legged OAuth processing involves no additional resource owner interaction: nobody is redirected to a login or consent page.
Two-legged OAuth processing requires the resource owner password credentials grant type or the client credentials grant type.
The typical flow for two-legged OAuth processing involves the following activities:
- An OAuth client initiates a request with an authorization server and receives an access token.
- The OAuth client uses the access token to access protected resources on the resource server.

Three-legged OAuth processing involves four parties: the resource owner, the OAuth client, the authorization server, and the resource server. This is the traditional OAuth pattern with resource owner interaction: the resource owner wants to give a client access to resources on a server without sharing the resource owner's credentials with that client.
Three-legged OAuth processing requires the authorization code grant type.
In the three-legged OAuth flow, the client ID is the unique identifier of an OAuth client. The client presents its client ID to identify itself and, where it is a confidential client, a client secret or a client certificate to authenticate. In the specification, the client ID is the client_id parameter and the client secret is the client_secret parameter. When you define an OAuth client profile for DataPower integration, the configured name is the client ID.
The typical flow for three-legged OAuth processing involves the following activities:
- A user, as the resource owner, initiates a request to the OAuth client.
- The OAuth client sends the resource owner a redirection to the authorization server.
- The resource owner authenticates and optionally authorizes with the authorization server.
- The authorization server presents a form to the resource owner to grant access.
- The resource owner submits the form to allow or to deny access.
- Based on the response from the resource owner, one of the following occurs:
  - If the resource owner allows access, the authorization server redirects the resource owner back to the OAuth client with an authorization code (or, if the implicit grant is used instead, with the access token directly).
  - If the resource owner denies access, the resource owner is still redirected back to the OAuth client, but with an error and no grant.
- The OAuth client sends the following to the authorization server's token endpoint:
  - Authorization code
  - Client ID
  - Client secret or client certificate
- If the code and the client credentials are verified, the authorization server sends the OAuth client an access token and optionally a refresh token.
- The OAuth client presents the access token to the resource server to request protected resources.
- If the access token is valid for the requested resources, the resource server returns the protected resources to the OAuth client.
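The two flows above, modelled end to end as an added example (this is illustration code, not DataPower's or IBM's implementation). The authorization server, resource server and clients are plain in-memory Python objects; the client IDs, secrets, scope, redirect URI and resource owner name are constructed test data. Client authentication is modelled with a client secret only (the client certificate variant the text also mentions is left out), and a client-chosen `state` value, which is standard OAuth 2.0 but not part of the flow listed above, is added so the redirect back to the client can be tied to the session that started it. The point of the example is the checks the token endpoint makes in the three-legged case that the two-legged case does not need: the redirect URI must be pre-registered, the code is single-use and short-lived, and the code is bound to the client ID and redirect URI used at the authorization endpoint.

```python
"""In-memory model of two-legged (client_credentials) and three-legged
(authorization_code) OAuth 2.0. Added example; all identifiers are constructed."""
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL_SECONDS = 60      # authorization codes are short-lived (spec recommends <= 10 minutes)
TOKEN_TTL_SECONDS = 3600


class AuthorizationServer:
    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, set of registered redirect URIs)
        self.codes = {}     # authorization code -> grant details
        self.tokens = {}    # access token -> owner, scope, expiry

    def register_client(self, client_id, client_secret, redirect_uris=()):
        self.clients[client_id] = (client_secret, set(redirect_uris))

    def _authenticate_client(self, client_id, client_secret):
        entry = self.clients.get(client_id)
        # constant-time comparison so a wrong secret is not distinguishable by timing
        return entry is not None and hmac.compare_digest(entry[0], client_secret)

    def _issue_token(self, owner, scope):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"owner": owner, "scope": scope, "expires": time.time() + TOKEN_TTL_SECONDS}
        return {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL_SECONDS}

    # Two-legged: no resource owner interaction; the token is issued to the client itself.
    def token_client_credentials(self, client_id, client_secret, scope):
        if not self._authenticate_client(client_id, client_secret):
            return {"error": "invalid_client"}
        return self._issue_token(owner=client_id, scope=scope)

    # Three-legged, authorization endpoint: the resource owner has authenticated and decided.
    def authorize(self, client_id, redirect_uri, scope, state, owner, allow):
        entry = self.clients.get(client_id)
        # exact match against registered URIs, otherwise the code could be sent to an attacker's site
        if entry is None or redirect_uri not in entry[1]:
            raise ValueError("unregistered client or redirect_uri")
        if not allow:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "owner": owner,
                            "scope": scope, "expires": time.time() + CODE_TTL_SECONDS}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    # Three-legged, token endpoint: code + client credentials -> access (and refresh) token.
    def token_authorization_code(self, client_id, client_secret, code, redirect_uri):
        if not self._authenticate_client(client_id, client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(code, None)          # pop makes the code single-use
        if grant is None or grant["expires"] < time.time():
            return {"error": "invalid_grant"}
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}       # code was issued to a different client/URI
        response = self._issue_token(owner=grant["owner"], scope=grant["scope"])
        response["refresh_token"] = secrets.token_urlsafe(32)
        return response

    def introspect(self, token):
        info = self.tokens.get(token)
        return None if info is None or info["expires"] < time.time() else info


class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server

    def get_profile(self, bearer_token, required_scope="profile"):
        info = self.auth_server.introspect(bearer_token)
        if info is None or required_scope not in info["scope"].split():
            return 401, None
        return 200, {"owner": info["owner"]}


def build_servers():
    auth = AuthorizationServer()
    auth.register_client("batch-job", "s3cret-batch")                            # constructed
    auth.register_client("web-app", "s3cret-web", ["https://app.example/cb"])     # constructed
    return auth, ResourceServer(auth)


def code_from_redirect(url):
    return parse_qs(urlparse(url).query).get("code", [None])[0]


def two_legged_flow():
    auth, rs = build_servers()
    tok = auth.token_client_credentials("batch-job", "s3cret-batch", "profile")
    return rs.get_profile(tok["access_token"])


def three_legged_flow(allow=True):
    auth, rs = build_servers()
    state = secrets.token_urlsafe(8)    # client-chosen; binds the redirect to this session
    redirect = auth.authorize("web-app", "https://app.example/cb", "profile", state, "alice", allow)
    params = parse_qs(urlparse(redirect).query)
    if params["state"][0] != state:
        raise ValueError("state mismatch: redirect does not belong to this session")
    if "code" not in params:
        return {"error": params["error"][0]}
    code = params["code"][0]
    token = auth.token_authorization_code("web-app", "s3cret-web", code, "https://app.example/cb")
    replay = auth.token_authorization_code("web-app", "s3cret-web", code, "https://app.example/cb")
    return {"token": token, "replay": replay, "resource": rs.get_profile(token["access_token"])}
```

Run `two_legged_flow()` and `three_legged_flow()` to see that the two-legged token names the client itself as owner while the three-legged token names the resource owner, and that presenting the same authorization code a second time is rejected with `invalid_grant`.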