Privacy/BestPractices/OAuth: Difference between revisions

Jump to navigation Jump to search

Privacy/BestPractices/OAuth (view source)

Revision as of 22:52, 23 May 2011

289 bytes added ,  23 May 2011
→‎Web-based
Line 44: Line 44:


The typical OAuth architecture involves a web-based consumer and a user accessing both the data-host and the consumer services via a typical web browser. The most important property of this setup is that the consumer sits on a controlled server and can easily maintain the secrecy of its authentication credentials.
The typical OAuth architecture involves a web-based consumer and a user accessing both the data-host and the consumer services via a typical web browser. The most important property of this setup is that the consumer sits on a controlled server and can easily maintain the secrecy of its authentication credentials.
OAuth 1.0 is designed around this specific use case (and makes others difficult). OAuth 2.0 calls this the Authorization Code Flow, because when the user approves the data-access, an authorization code is issued, and the data consumer must exchange this code for the actual access token.


=== Device-based ===
=== Device-based ===
BenAdida
668

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/311471"

Navigation menu