The World of OAuth Part 2
Let's talk a bit more about OAuth. Today I want to know: what is three-legged authentication, and what is the alternative?
Three-legged authentication means that there are three parties involved in the authentication process. These are the Client, the Authentication Server and the Resource Owner. In this process the Resource Owner is directed to the Authorization Server to verify that the Client should really get access to the resource that it is requesting.
The alternative is that we only have two participants in the authentication flow: the Authorization Server and the Client. Here the Client must already have a Consumer Key and Consumer Secret that the Authorization Server knows about and trusts.
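To make the two-legged exchange concrete, here is an added example (not code from the original post) that plays both sides of it in memory. It assumes the OAuth 2.0 client credentials grant (RFC 6749, section 4.4), with the Consumer Key and Consumer Secret sent as HTTP Basic credentials; the function names and the registered key and secret are constructed for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed sample registration: Consumer Key -> Consumer Secret.
REGISTERED_CLIENTS = {"demo-consumer-key": "demo-consumer-secret"}


def build_token_request(consumer_key, consumer_secret):
    """Client side: the two-legged token request. No Resource Owner takes part."""
    creds = f"{quote(consumer_key, safe='')}:{quote(consumer_secret, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"grant_type": "client_credentials"})


def handle_token_request(headers, body):
    """Authorization Server side: authenticate the Client, then issue a token."""
    scheme, _, encoded = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return 401, {"error": "invalid_client"}
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return 401, {"error": "invalid_client"}
    key, _, secret = decoded.partition(":")
    expected = REGISTERED_CLIENTS.get(unquote(key))
    # Constant-time comparison; unknown keys are compared against an empty
    # value and rejected, so both failures return the same error.
    matches = hmac.compare_digest(unquote(secret).encode(), (expected or "").encode())
    if expected is None or not matches:
        return 401, {"error": "invalid_client"}
    # Anything other than the client credentials grant is rejected here.
    if parse_qs(body).get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    return 200, {
        "access_token": secrets.token_urlsafe(32),  # opaque random bearer token
        "token_type": "Bearer",
        "expires_in": 3600,
    }


if __name__ == "__main__":
    print(handle_token_request(*build_token_request("demo-consumer-key", "demo-consumer-secret")))
```

An unknown key and a wrong secret both produce the same `invalid_client` response, so the reply does not reveal which Consumer Keys are registered.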
From the point of the Client having authenticated with the Authorization Server I believe the flow is the same for OAuth2. The Client will now have an Access Token and possibly also a