Two-legged and three-legged OAuth flow
Two-legged OAuth processing involves three parties: OAuth client, authorization server, and resource server. The OAuth client can be either the resource owner or the trusted entity that knows about the credentials of the resource owner. In other words, two-legged OAuth processing does not involve additional resource owner interaction.
Two-legged OAuth processing requires a grant type of resource owner password credentials or client credentials.
The typical flow for two-legged OAuth processing involves the following activities:
- An OAuth client initiates a request with an authorization server and receives an access token.
- The OAuth client uses the access token to access protected resources on the resource server.

Three-legged OAuth processing involves four parties: resource owner, OAuth client, authorization server, and resource server. In other words, three-legged OAuth is a traditional pattern with resource owner interaction. In this case, a resource owner wants to give a client access to a server without sharing credentials.
Three-legged OAuth processing requires a grant type of authorization code.
In the three-legged OAuth flow, the client ID is a unique identifier for an OAuth client. The OAuth client uses its client ID and client secret or its client ID and client certificate to provide identity and optionally the credentials. In the specification, the client ID is client_id and the client secret is client_secret. When you define an OAuth client profile for DataPower integration, the configured name is the client ID.
The typical flow for three-legged OAuth processing involves the following activities:
- A user, as the resource owner, initiates a request to the OAuth client.
- The OAuth client sends the resource owner a redirection to the authorization server.
- The resource owner authenticates and optionally authorizes with the authorization server.
- The authorization server presents a form to the resource owner to grant access.
- The resource owner submits the form to allow or to deny access.
- Based on the response from the resource owner, the following processing occurs:
  - If the resource owner allows access, the authorization server sends the OAuth client a redirection with the authorization grant code or the access token.
  - If the resource owner denies access, the request is redirected to the OAuth client but no grant is provided.
- The OAuth client sends the following information to the token endpoint (authorization server):
  - Authorization grant code
  - Client ID
  - Client secret or client certificate
- If verified, the authorization server sends the OAuth client an access token and optionally a refresh token.
- The OAuth client sends the access token to the resource server to request protected resources.
- If the access token is valid for the requested resources, the OAuth client can access the protected resources.
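
The three-legged steps above, from the consent decision through the token endpoint to the resource server, as an added in-memory sketch that is not DataPower code. The client registration, function names, lifetimes and scope values are all assumptions made for illustration.

```python
import hmac, secrets, time

# Constructed sample registration; every name and value here is illustrative.
CLIENTS = {"demo-client": {"secret": "s3cr3t-demo",
                           "redirect_uri": "https://client.example/cb"}}
CODES, TOKENS = {}, {}   # in-memory stores of the toy authorization server

def authorize(client_id, redirect_uri, owner, allow, scope="read"):
    """Authorization endpoint, after the owner submits the consent form."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or unregistered redirect URI")
    if not allow:                       # denied: redirect back, no grant
        return f"{redirect_uri}?error=access_denied"
    code = secrets.token_urlsafe(16)
    CODES[code] = {"client_id": client_id, "owner": owner, "scope": scope,
                   "expires": time.time() + 60}   # short-lived grant code
    return f"{redirect_uri}?code={code}"

def token(code, client_id, client_secret):
    """Token endpoint: verify client ID, client secret and grant code."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(
            client["secret"].encode(), client_secret.encode()):
        raise PermissionError("invalid_client")
    grant = CODES.pop(code, None)       # pop makes the code single-use
    if (grant is None or grant["client_id"] != client_id
            or grant["expires"] < time.time()):
        raise PermissionError("invalid_grant")
    access = secrets.token_urlsafe(24)
    TOKENS[access] = {"owner": grant["owner"], "scope": grant["scope"],
                      "expires": time.time() + 300}
    # The refresh token is optional; this sketch issues one but does not store it.
    return {"access_token": access, "refresh_token": secrets.token_urlsafe(24)}

def resource(access_token, needed_scope):
    """Resource server: serve only if the token is valid for the request."""
    t = TOKENS.get(access_token)
    if (t is None or t["expires"] < time.time()
            or needed_scope not in t["scope"].split()):
        raise PermissionError("invalid_token")
    return f"protected data of {t['owner']}"
```

The grant code is bound to the client it was issued to and is consumed on first use, so a replayed or stolen code fails at the token endpoint with `invalid_grant`.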
