Sep 12, 2020

The World of OAuth Part 2

Let's talk a bit more about OAuth. Today I want to know: what is three-legged authentication, and what is the alternative?

Three-legged authentication means that three parties are involved in the authentication process: the Client, the Authorization Server and the Resource Owner. In this process the Resource Owner is directed to the Authorization Server to verify that the Client should really get access to the resource it is requesting.

The alternative is that only two participants take part in the authentication flow: the Authorization Server and the Client. Here the Client must already have a Consumer Key and Consumer Secret that the Authorization Server knows about and trusts.

From the point where the Client has authenticated with the Authorization Server, I believe the flow is the same in OAuth2. The Client will now have an Access Token and possibly also a Refresh Token.