...
Authorization Server: CDC SAMS OAuth Service
Grant Type: Client Resource Owner Credentials Grant flow
Access Token Type: JWT
...
Resource Server: CDC service providing functionality of interest
Client: Partner-owned autonomous server application
Authorization Server: CDC SAMS OAuth Service
Grant Type: Client Resource Owner Credentials Grant flow
Access Token Type: opaque
...
It is recommended that clients and resource servers use existing OAuth libraries rather than re-implementing OAuth flows and token processing from scratch. RFCs 6749 and 6819 include extensive security considerations that are important to implementing OAuth securely; using an existing, well-regarded OAuth library is a good first step toward ensuring that OAuth is implemented in a secure fashion. A list of OAuth implementations is maintained on the OAuth Web site.
Authorizing Resource Requests
Authorization decisions can be based upon one or more of the following:
- Resource owner attributes
- Resource owner roles
- Access token scopes
It is the responsibility of each service owner to develop a suitable authorization approach and to work with the SAMS team to ensure that the metadata needed for authorization decisions is available via the appropriate OAuth flows.
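The following is an added example, not CDC SAMS code, of how a resource server can combine the three inputs listed above (resource owner attributes, resource owner roles and access token scopes) into a single deny-by-default authorization decision. It assumes the access token has already been validated (JWT signature, issuer and audience checked, or the opaque token introspected at the authorization server) and that the resulting claims use the names "scope", "roles", "attributes" and "exp"; those claim names, the scope strings and the sample claims are constructed for illustration and are not the layout SAMS actually issues.

```python
# Added example (not CDC SAMS code): a resource server's authorization check
# driven by token scopes, resource owner roles and resource owner attributes.
# Claim names ("scope"/"scp", "roles", "attributes", "exp") are assumptions;
# take the real claim layout from the SAMS documentation.
import time
from dataclasses import dataclass
from typing import Any, Callable, Mapping, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """What a protected operation requires. Empty collections mean 'no requirement'."""
    required_scopes: frozenset = frozenset()   # every listed scope must be present
    allowed_roles: frozenset = frozenset()     # at least one role must match
    attribute_checks: tuple = ()               # (attribute name, predicate) pairs, all must hold


def token_scopes(claims: Mapping[str, Any]) -> frozenset:
    """Normalise the scope claim. RFC 6749 defines scope as a space-delimited
    string; some servers emit a JSON list. Any other shape yields no scopes."""
    raw = claims.get("scope", claims.get("scp"))
    if isinstance(raw, str):
        return frozenset(raw.split())
    if isinstance(raw, (list, tuple)):
        return frozenset(s for s in raw if isinstance(s, str))
    return frozenset()


def authorize(claims: Mapping[str, Any], policy: Policy,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). Any check that cannot be evaluated denies."""
    now = time.time() if now is None else now

    # Expiry is re-checked here even though token validation should have done it.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or missing exp"

    # 1. Access token scopes: the client must have been granted all of them.
    missing = policy.required_scopes - token_scopes(claims)
    if missing:
        return False, f"missing scopes: {sorted(missing)}"

    # 2. Resource owner roles: any one permitted role suffices.
    if policy.allowed_roles:
        roles = claims.get("roles", [])
        roles = frozenset(roles) if isinstance(roles, (list, tuple)) else frozenset()
        if not roles & policy.allowed_roles:
            return False, "no permitted role"

    # 3. Resource owner attributes: each predicate must hold; absent attribute denies.
    attrs = claims.get("attributes", {})
    if not isinstance(attrs, Mapping):
        attrs = {}
    for name, predicate in policy.attribute_checks:
        if name not in attrs or not predicate(attrs[name]):
            return False, f"attribute check failed: {name}"

    return True, "ok"


# Constructed sample claims, as a resource server might see them after validating
# a JWT or introspecting an opaque token. Values are illustrative only.
SAMPLE_CLAIMS = {
    "sub": "svc-partner-01",
    "scope": "reports:read reports:submit",
    "roles": ["partner_submitter"],
    "attributes": {"jurisdiction": "XX", "agreement_active": True},
    "exp": 4_000_000_000,
}

# Two constructed policies for two hypothetical operations on the resource server.
SUBMIT_REPORT = Policy(
    required_scopes=frozenset({"reports:submit"}),
    allowed_roles=frozenset({"partner_submitter", "cdc_admin"}),
    attribute_checks=(("agreement_active", lambda v: v is True),),
)
DELETE_REPORT = Policy(
    required_scopes=frozenset({"reports:delete"}),
    allowed_roles=frozenset({"cdc_admin"}),
)

if __name__ == "__main__":
    for label, policy in (("submit", SUBMIT_REPORT), ("delete", DELETE_REPORT)):
        print(label, authorize(SAMPLE_CLAIMS, policy))
```

The three checks are independent, so a service owner can start with scopes alone and add role or attribute requirements as the metadata becomes available through the SAMS flows; because every unevaluable condition denies, a token missing a claim the policy depends on is rejected rather than silently passed.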
References
The OAuth 2.0 Authorization Framework: https://tools.ietf.org/html/rfc6749
...