Authorization Server: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 1: | Line 1: | ||
==Full Title== | ==Full Title== | ||
Access tokens are issued to third-party clients by an [[Authorization Server]] with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server. Taken from RFC 6749<ref> ''The OAuth 2.0 Authorization Framework'' RFC 6749 https://www.rfc-editor.org/rfc/pdfrfc/rfc6749.txt.pdf</ref> | Access tokens are issued to third-party clients by an [[Authorization Server]] with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server. Taken from RFC 6749<ref> ''The OAuth 2.0 Authorization Framework'' RFC 6749 https://www.rfc-editor.org/rfc/pdfrfc/rfc6749.txt.pdf</ref> | ||
==Context== | |||
* The ultimate purpose of most user authentication is to allow the user, or the user's client, to access protected resources. The abstract concept of an [[Authorization Server]] is just the source of the tokens that are sent to the [[Resource Server]] to give it the authority it needs to provide access to the client. | |||
==References== | ==References== | ||
Revision as of 00:21, 17 April 2020
Full Title
Access tokens are issued to third-party clients by an Authorization Server with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server. Taken from RFC 6749<ref> The OAuth 2.0 Authorization Framework RFC 6749 https://www.rfc-editor.org/rfc/pdfrfc/rfc6749.txt.pdf</ref>
Context
- The ultimate purpose of most user authentication is to allow the user, or the user's client, to access protected resources. The abstract concept of an Authorization Server is just the source of the tokens that are sent to the Resource Server to give it the authority it needs to provide access to the client.
References
<references />