
OAuth roles

admin
03 Dec 2019

Roles in OAuth and the client registration process.

Please watch the entire video and you might learn something new.
If you have any suggestion, feedback or query, please feel free to reach us at learnconceptswork@gmail.com.

Also, please find below the details of the client types available in OAuth.

Client Types

OAuth defines two client types, based on their ability to
authenticate securely with the authorization server (i.e., ability to
maintain the confidentiality of their client credentials):

confidential
Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.

public
Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the
resource owner, such as an installed native application or a web
browser-based application), and incapable of secure client
authentication via any other means.

The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure
levels of client credentials. The authorization server SHOULD NOT
make assumptions about the client type.

A client may be implemented as a distributed set of components, each
with a different client type and security context (e.g., a
distributed client with both a confidential server-based component
and a public browser-based component). If the authorization server
does not provide support for such clients or does not provide
guidance with regard to their registration, the client SHOULD
register each component as a separate client.
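The registration rules above can be seen in a small authorization-server sketch. This is an added example, not code from the video or the RFC: the function names, the in-memory registry and the "shop" client are assumptions, and rejecting a secret presented by a public client is a policy chosen for the example.

```python
import hashlib
import hmac
import secrets

CLIENT_TYPES = {"confidential", "public"}
_registry = {}  # client_id -> record; in-memory stand-in for the server's client store


def register_client(name, client_type):
    """Register one component. The type is declared by the registrant, never inferred."""
    if client_type not in CLIENT_TYPES:
        raise ValueError("client_type must be 'confidential' or 'public'")
    client_id = secrets.token_urlsafe(16)
    secret = None
    record = {"name": name, "type": client_type, "secret_hash": None}
    if client_type == "confidential":
        # Only a client that can keep it confidential is issued a secret.
        # The secret is random and high-entropy, so a plain SHA-256 is stored.
        secret = secrets.token_urlsafe(32)
        record["secret_hash"] = hashlib.sha256(secret.encode()).digest()
    _registry[client_id] = record
    return client_id, secret


def register_distributed_client(name, components):
    """components maps component name -> declared type; each gets its own registration."""
    return {c: register_client(f"{name}/{c}", t) for c, t in components.items()}


def authenticate_client(client_id, presented_secret=None):
    """Return the registered client type if the request is acceptable, else None."""
    record = _registry.get(client_id)
    if record is None:
        return None
    if record["type"] == "public":
        # Policy chosen for this example: a public client has no secret on file,
        # so a request that presents one is rejected rather than silently accepted.
        return "public" if presented_secret is None else None
    if presented_secret is None:
        return None
    digest = hashlib.sha256(presented_secret.encode()).digest()
    return "confidential" if hmac.compare_digest(digest, record["secret_hash"]) else None


if __name__ == "__main__":
    ids = register_distributed_client("shop", {"backend": "confidential", "spa": "public"})
    for component, (cid, secret) in ids.items():
        print(component, cid, "secret issued" if secret else "no secret")
```

The browser component and the server component end up with different client identifiers, so a secret leaked from one registration cannot be used to authenticate as the other.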

OAuth RFC - https://tools.ietf.org/html/rfc6749#section-3.1.2


Regards,
Conceptswork
