Two-legged and three-legged OAuth flow
Two-legged OAuth processing involves three parties: OAuth client, authorization server, and resource server. The OAuth client can be either the resource owner or the trusted entity that knows about the credentials of the resource owner. In other words, two-legged OAuth processing does not involve additional resource owner interaction.
Two-legged OAuth processing requires a grant type of resource owner password credential or client credentials.
The typical flow for two-legged OAuth processing involves the following activities:
- An OAuth client initiates a request with an authorization server and receives an access token.
- The OAuth client uses the access token to access protected resources on the resource server.

Three-legged OAuth processing involves four parties: resource owner, OAuth client, authorization server, and resource server. In other words, three-legged OAuth is a traditional pattern with resource owner interaction. In this case, a resource owner wants to give a client access to a server without sharing credentials.
Three-legged OAuth processing requires a grant type of authorization code.
In the three-legged OAuth flow, the client ID is a unique identifier for an OAuth client. The OAuth client uses its client ID and client secret, or its client ID and client certificate, to prove its identity and optionally its credentials. In the specification, the client ID is the client_id parameter and the client secret is the client_secret parameter. When you define an OAuth client profile for DataPower integration, the configured name is the client ID.
The typical flow for three-legged OAuth processing involves the following activities:
- A user, as the resource owner, initiates a request to the OAuth client.
- The OAuth client sends the resource owner a redirection to the authorization server.
- The resource owner authenticates and optionally authorizes with the authorization server.
- The authorization server presents a form to the resource owner to grant access.
- The resource owner submits the form to allow or to deny access.
- Based on the response from the resource owner, the following processing occurs:
  - If the resource owner allows access, the authorization server sends the OAuth client a redirection with the authorization grant code or the access token.
  - If the resource owner denies access, the request is redirected to the OAuth client but no grant is provided.
- The OAuth client sends the following information to the token endpoint (authorization server):
  - Authorization grant code
  - Client ID
  - Client secret or client certificate
- If verified, the authorization server sends the OAuth client an access token and optionally a refresh token.
- The OAuth client sends the access token to the resource server to request protected resources.
- If the access token is valid for the requested resources, the OAuth client can access the protected resources.
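The following added example (not part of the original page or of DataPower) models the authorization server's token endpoint for both flows described above: the two-legged client_credentials grant and the three-legged authorization_code grant. It shows the checks the "If verified" step implies, namely client authentication, and that a code is short-lived, single-use and bound to the client and redirect URI it was issued for. Client registrations and URIs are constructed; only client ID plus secret is modelled, not the client-certificate alternative.

```python
import hmac
import secrets
import time

# Constructed client registrations (hypothetical values, not from any real deployment).
CLIENTS = {
    "app-1": {"secret": "s3cret-one", "redirect_uri": "https://app-one.example/cb"},
    "app-2": {"secret": "s3cret-two", "redirect_uri": "https://app-two.example/cb"},
}
ISSUED_CODES = {}  # authorization code -> the record it is bound to
CODE_TTL = 60      # seconds; authorization codes must be short-lived

def authenticate_client(client_id, client_secret):
    """Client ID + client secret check; compare_digest avoids a timing side channel."""
    client = CLIENTS.get(client_id)
    return client is not None and hmac.compare_digest(client["secret"], client_secret)

def issue_code(client_id, redirect_uri, now=None):
    """Resource owner allowed access: mint a code bound to this client and redirect URI."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    ISSUED_CODES[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                          "expires": now + CODE_TTL, "used": False}
    return code

def token_endpoint(params, now=None):
    """Token endpoint serving the client_credentials (two-legged) and
    authorization_code (three-legged) grant types."""
    now = time.time() if now is None else now
    if not authenticate_client(params.get("client_id", ""), params.get("client_secret", "")):
        return {"error": "invalid_client"}
    grant = params.get("grant_type")
    if grant == "client_credentials":
        # Two-legged: the client acts for itself; no resource owner step, no refresh token.
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
    if grant == "authorization_code":
        rec = ISSUED_CODES.get(params.get("code", ""))
        if rec is None or rec["used"] or rec["expires"] < now:
            return {"error": "invalid_grant"}  # unknown, replayed or expired code
        # The code must be redeemed by the client it was issued to, at the same redirect URI.
        if rec["client_id"] != params["client_id"] or rec["redirect_uri"] != params.get("redirect_uri"):
            rec["used"] = True  # burn the code: it has leaked or is being misused
            return {"error": "invalid_grant"}
        rec["used"] = True      # single use: a second redemption is refused
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "refresh_token": secrets.token_urlsafe(32)}
    return {"error": "unsupported_grant_type"}
```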