The World of OAuth Part 2
Let's talk a bit more about OAuth. Today I want to know, what is three legged authentication, and what is the alternative?
Three legged authentication means that there are three parties involved in the authentication process. These are: Client, Authentication Server and Resource Owner. In this process the Resource Owner is directed to the Authorization Server to verify that the Client should really get access to the resource that it is requesting.
The alternative is that we only have two participants in the authentication flow: the Authorization Server and the Client. Here the Client must already have a Consumer Key and Consumer Secret that the Authorization Server knows about and trusts.
From the point of the Client having authenticated with the Authorization Server I believe the flow is the same for OAuth2. The Client will now have an Access Token and possibly also a Refresh Token.
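The two flows described above, as an added example that is not part of the original post: a toy in-memory Authorization Server in Python showing which party takes part in each leg. The class, its method names and the key and secret values are constructed for illustration, and withholding the Refresh Token in the two-legged case is an assumption of this sketch.

```python
import hmac
import secrets

class AuthorizationServer:
    """Toy in-memory authorization server (constructed for illustration)."""

    def __init__(self, clients):
        self.clients = clients      # Consumer Key -> Consumer Secret
        self.codes = {}             # one-time code -> (Consumer Key, owner)

    def _check_client(self, key, secret):
        known = self.clients.get(key)
        # Constant-time comparison avoids leaking the secret through timing.
        if known is None or not hmac.compare_digest(known, secret):
            raise PermissionError("unknown client or wrong secret")

    def _tokens(self, with_refresh):
        tokens = {"access_token": secrets.token_urlsafe(32)}
        if with_refresh:
            tokens["refresh_token"] = secrets.token_urlsafe(32)
        return tokens

    def two_legged(self, key, secret):
        """Client and server only: the Client acts on its own behalf."""
        self._check_client(key, secret)
        return self._tokens(with_refresh=False)

    def owner_approves(self, key, owner, approved):
        """Leg involving the Resource Owner: consent is given at the server."""
        if key not in self.clients or not approved:
            raise PermissionError("access denied")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (key, owner)
        return code                 # handed back to the Client via redirect

    def three_legged(self, key, secret, code):
        """Client swaps the owner-approved code for tokens."""
        self._check_client(key, secret)
        issued_to, _owner = self.codes.pop(code, (None, None))  # single use
        if issued_to != key:
            raise PermissionError("code invalid, reused, or issued to another client")
        return self._tokens(with_refresh=True)


def demo():
    server = AuthorizationServer({"demo-key": "demo-secret"})  # constructed values
    direct = server.two_legged("demo-key", "demo-secret")
    code = server.owner_approves("demo-key", "alice", approved=True)
    delegated = server.three_legged("demo-key", "demo-secret", code)
    return server, code, direct, delegated
```

In both flows the Client still authenticates with its own key and secret; the three-legged flow adds the Resource Owner's approval, and the code that carries it works only once and only for the Client it was issued to.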