Both MAC and Bearer work in this setup, just think of them as HMAC-SHA-1 and PLAINTEXT in OAuth 1.0. In Bearer, your token is the client secret and in MAC, the client secret is the key.
EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Hawkins Sent: Tuesday, November 29, 2011 12:28 PM To: oauth@ietf.org Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0 Maybe I'm making this harder then it should be. Here is the situation: Site A and B both trust each other. Site A needs to update user information at site B. With OAuth 1.0 Site A would use it's consumer key and secret to sign the update call to Site B (no access token involved). Only one message is sent. The closest I can come to the above with OAuth 2.0 is to use the MAC token scheme and sign the request with the consumer secret. Is that valid? I kind of get the idea that the protocol doesn't care. It feels like the bearer scheme just doesn't work for what I'm trying to do. Thanks Brian On Tue, Nov 29, 2011 at 1:06 PM, Eran Hammer-Lahav <e...@hueniverse.com<mailto:e...@hueniverse.com>> wrote: This functionality can be implemented in two main ways: 1. Using the client credentials flow to get an access token, then using the protocol as usual 2. Just using the Bearer (over SSL) or MAC token schemes without the rest of OAuth EHL From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org> [mailto:oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org>] On Behalf Of Brian Hawkins Sent: Tuesday, November 29, 2011 11:49 AM To: oauth@ietf.org<mailto:oauth@ietf.org> Subject: [OAUTH-WG] 2 Leg with OAuth 2.0 I'm having trouble finding information on how to do 2leg authentication with OAuth 2.0. Does it even support it? Thanks Brian
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
