The OAuth 2.0 Authorization Framework: Bearer Token Usage

نویسندگان

  • Michael B. Jones
  • Dick Hardt
چکیده

This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication.

متن کامل

Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants

This specification defines the use of a Security Assertion Markup Language (SAML) 2.0 Bearer Assertion as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication.

متن کامل

Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint, as well as general processing rules. The intent of this specification is to provide a common framework for OAuth 2.0 to interwork w...

متن کامل

The OAuth 2.0 Authorization Framework

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described...

متن کامل

Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the application of BCM Principles

OAuth 2.0 Authorization Framework, while achieved an extremely large adoption, has been exposed to various attacks and a number of additional specifications to patch the problem has been created. It is expected that other attacks would come in the future requiring yet another patch specification. To avoid such future problems, a more systematic approach is needed. This paper attempts to do it b...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • RFC

دوره 6750  شماره 

صفحات  -

تاریخ انتشار 2012