Comment: Fixed grant type for autonomous clients. Add section on authorizing requests.

...

Authorization Server: CDC SAMS OAuth Service

Grant Type: Client Credentials Grant flow

Access Token Type: JWT

...

Resource Server: CDC service providing functionality of interest

Client: Partner-owned autonomous server application

Authorization Server: CDC SAMS OAuth Service

Grant Type: Client Credentials Grant flow

Access Token Type: opaque

...

It is recommended that clients and resource servers use existing OAuth libraries rather than re-implementing OAuth flows and token processing from scratch. RFCs 6749 and 6819 include extensive security considerations that are important to implementing OAuth securely; using an existing, well-regarded OAuth library is a good first step toward meeting them. A list of OAuth implementations is maintained on the OAuth Web site.

Authorizing Resource Requests

Authorization decisions can be based upon one or more of the following:

  • Resource owner attributes
  • Resource owner roles
  • Access token scopes

It is the responsibility of each service owner to develop a suitable authorization approach and to work with the SAMS team to ensure that the metadata needed for authorization decisions is available via the appropriate OAuth flows.
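As an added illustration (not SAMS code and not from this page): a resource server in the JWT scenario above first validates the access token, then makes its authorization decision from the three inputs listed: resource owner attributes, roles and access token scopes. The claim names `scope`, `roles` and `jurisdiction`, the issuer and audience strings, the per-endpoint policy and the HS256 demo key are all assumptions constructed for the example; a production service should delegate the validation step to an OAuth/JWT library, as recommended above. In the opaque-token scenario the same `authorize` step applies once the resource server has obtained the token's claims from SAMS (how it does so is not described on this page).

```python
"""Illustrative resource-server authorization check (added example, not SAMS code).

Claim names, issuer/audience strings, endpoint policy and the signing key are
constructed for the example; real SAMS token contents are not described here.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

DEMO_KEY = b"constructed-demo-secret"        # assumption: demo HS256 key
DEMO_ISSUER = "https://sams.example/oauth"   # assumption: placeholder issuer
DEMO_AUDIENCE = "cdc-case-service"           # assumption: this resource server


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_demo_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Mint an HS256 JWT so the example runs offline (constructed input)."""
    header = {"alg": "HS256", "typ": "JWT"}
    segs = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
            for p in (header, claims)]
    sig = hmac.new(key, ".".join(segs).encode(), hashlib.sha256).digest()
    return ".".join(segs + [_b64url_encode(sig)])


def verify_token(token: str, key: bytes = DEMO_KEY,
                 now: Optional[float] = None) -> dict:
    """Check algorithm, signature, issuer, audience and expiry; return claims.

    Raises ValueError on any failure (every decode error used here is a
    ValueError subclass). Authorization must never run on unverified claims.
    """
    try:
        h_seg, p_seg, s_seg = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h_seg))
    # Pin the algorithm rather than trusting the token's own "alg" header:
    # this rejects "alg":"none" and key/algorithm-confusion tokens.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_seg}.{p_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_seg)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_seg))
    now = time.time() if now is None else now
    if claims.get("iss") != DEMO_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != DEMO_AUDIENCE:
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


# Assumed per-endpoint policy: scopes required (all of them), roles required
# (any one of them), and whether the caller's "jurisdiction" attribute must
# match the jurisdiction of the resource being accessed.
POLICY = {
    ("GET", "cases"):  {"scopes": {"cases:read"},  "roles": set(),           "match_jurisdiction": True},
    ("POST", "cases"): {"scopes": {"cases:write"}, "roles": {"case_editor"}, "match_jurisdiction": True},
    ("GET", "status"): {"scopes": set(),           "roles": set(),           "match_jurisdiction": False},
}


def authorize(claims: dict, method: str, resource: str,
              resource_jurisdiction: Optional[str] = None) -> Tuple[bool, str]:
    """Decide on scopes, roles and attributes; unknown endpoints are denied."""
    rule = POLICY.get((method, resource))
    if rule is None:
        return False, "no policy for endpoint"
    granted = set(claims.get("scope", "").split())  # RFC 6749 s3.3: space-delimited
    missing = rule["scopes"] - granted
    if missing:
        return False, "missing scope(s): " + ", ".join(sorted(missing))
    if rule["roles"] and not rule["roles"] & set(claims.get("roles", [])):
        return False, "required role not held"
    if rule["match_jurisdiction"] and claims.get("jurisdiction") != resource_jurisdiction:
        return False, "jurisdiction attribute does not match resource"
    return True, "allowed"


def handle(token: str, method: str, resource: str,
           resource_jurisdiction: Optional[str] = None,
           now: Optional[float] = None) -> Tuple[int, str]:
    """401 when the token itself is unacceptable, 403 when policy denies it."""
    try:
        claims = verify_token(token, now=now)
    except ValueError as e:
        return 401, str(e)
    ok, reason = authorize(claims, method, resource, resource_jurisdiction)
    return (200, reason) if ok else (403, reason)
```

Keeping validation (`verify_token`) and policy (`authorize`) as separate steps matters: the 401/403 split tells the client whether to obtain a new token or whether it simply lacks the scope, role or attribute the endpoint needs, and the policy table is the artefact the service owner agrees with the SAMS team so that the required claims are actually issued.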

References

The OAuth 2.0 Authorization Framework: https://tools.ietf.org/html/rfc6749

...