...
Grant Type: Authorization Code Grant flow
Access Token Type: JWT for Web and desktop clients; opaque token for mobile applications that operate off the CDC network
...
Authorization Server: CDC SAMS OAuth Service
Grant Type: Authorization Code Grant flow
Access Token Type: JWT for CDC-hosted Web clients; opaque token for Web, desktop and mobile applications that operate off the CDC network
...
Authorization Server: CDC SAMS OAuth Service
Grant Type: Authorization Code Grant flow
Access Token Type: opaque token for Web, desktop and mobile applications
...
Authorization Server: CDC SAMS OAuth Service
Grant Type: Client Resource Owner Credentials Grant flow
Access Token Type: JWT
Autonomous External Client
...
Resource Server: CDC service providing functionality of interest
Client: Partner-owned autonomous server application
Authorization Server: CDC SAMS OAuth Service
Grant Type: Client Resource Owner Credentials Grant flow
Access Token Type: opaque
Authenticating Chained Protected Resource Requests
...
It is recommended that clients and resource servers use existing OAuth libraries rather than re-implementing OAuth flows and token processing from scratch. RFCs 6749 and 6819 include extensive security considerations that are important to implementing OAuth securely; using an existing, well-regarded OAuth library is a good first step toward ensuring that OAuth is implemented in a secure fashion. A list of OAuth implementations is maintained on the OAuth Web site.
Authorizing Resource Requests
Authorization decisions can be based upon one or more of the following:
- Resource owner attributes
- Resource owner roles
- Access token scopes
It is the responsibility of each service owner to develop a suitable authorization approach and to work with the SAMS team to ensure that the metadata needed for authorization decisions is available via the appropriate OAuth flows.
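A minimal default-deny authorization check that a resource server could apply after the access token has been validated, combining the three inputs listed above (resource owner attributes, roles and token scopes). This is an added example, not SAMS or CDC code; the claim names (scope, roles, attributes, exp), the endpoint policy table and the sample claims are assumptions constructed for illustration.

```python
"""Added example: resource-server authorization decision over decoded
access-token claims. Claim names and policy layout are assumptions."""
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Requirement:
    scopes: frozenset = frozenset()        # every listed scope is required
    any_role: frozenset = frozenset()      # at least one of these, if non-empty
    attributes: dict = field(default_factory=dict)  # exact-match owner attributes


def _scopes(claims):
    # Assumed 'scope' claim: space-separated string (RFC 6749 style) or a list
    raw = claims.get("scope", "")
    return frozenset(raw.split()) if isinstance(raw, str) else frozenset(raw)


def authorize(claims, req, now=None):
    """Return (allowed, reason). Token validity is checked before any policy."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "token missing exp or expired"
    missing = req.scopes - _scopes(claims)
    if missing:
        return False, "missing scopes: " + ",".join(sorted(missing))
    roles = set(claims.get("roles", []))
    if req.any_role and not (roles & req.any_role):
        return False, "no acceptable role"
    attrs = claims.get("attributes", {})
    for key, value in req.attributes.items():
        if attrs.get(key) != value:
            return False, f"attribute {key} mismatch"
    return True, "ok"


# Constructed endpoint policy (assumption, not from the page)
POLICY = {
    ("GET", "/reports"): Requirement(scopes=frozenset({"reports.read"})),
    ("POST", "/reports"): Requirement(scopes=frozenset({"reports.write"}),
                                      any_role=frozenset({"analyst", "admin"})),
    ("GET", "/admin/audit"): Requirement(any_role=frozenset({"admin"}),
                                         attributes={"org": "CDC"}),
}


def check_request(method, path, claims, now=None):
    """Default deny: an endpoint without a policy entry is never authorized."""
    req = POLICY.get((method, path))
    if req is None:
        return False, "no policy for endpoint (default deny)"
    return authorize(claims, req, now)
```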
References
The OAuth 2.0 Authorization Framework: https://tools.ietf.org/html/rfc6749
...