MAC would be more appropriate in my opinion for this.
________________________________
From: Eran Hammer-Lahav <e...@hueniverse.com>
To: Brian Hawkins <br...@lingotek.com>; "oauth@ietf.org" <oauth@ietf.org>
Sent: Tuesday, November 29, 2011 12:38 PM
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
Both MAC and Bearer work in this setup, just think of them as HMAC-SHA-1 and
PLAINTEXT in OAuth 1.0. In Bearer, your token is the client secret and in MAC,
the client secret is the key.
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian
Hawkins
Sent: Tuesday, November 29, 2011 12:28 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
Maybe I'm making this harder than it should be.
Here is the situation: Site A and B both trust each other. Site A needs to
update user information at site B.
With OAuth 1.0 Site A would use its consumer key and secret to sign the update
call to Site B (no access token involved). Only one message is sent.
The closest I can come to the above with OAuth 2.0 is to use the MAC token
scheme and sign the request with the consumer secret. Is that valid? I kind
of get the idea that the protocol doesn't care.
It feels like the bearer scheme just doesn't work for what I'm trying to do.
Thanks
Brian
On Tue, Nov 29, 2011 at 1:06 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
This functionality can be implemented in two main ways:
1. Using the client credentials flow to get an access token, then using
the protocol as usual
2. Just using the Bearer (over SSL) or MAC token schemes without the rest
of OAuth
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian
Hawkins
Sent: Tuesday, November 29, 2011 11:49 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] 2 Leg with OAuth 2.0
I'm having trouble finding information on how to do 2-leg authentication with
OAuth 2.0. Does it even support it?
Thanks
Brian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
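
Added example, not part of the thread and not code from any OAuth specification: the two single-message options discussed above, side by side, with the server-side checks each one needs. The request-string layout, the function names and the sample values are assumptions made for illustration, and HMAC-SHA-256 stands in for the HMAC-SHA-1 mentioned in the thread.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
CLIENT_ID = "site-a"
CLIENT_SECRET = b"constructed-shared-secret"
MAX_SKEW = 300  # seconds of clock difference the server tolerates


def bearer_header(secret):
    # Bearer: the secret itself travels in the request, so TLS is mandatory.
    return "Bearer " + secret.decode()


def verify_bearer(header, secret):
    scheme, _, token = header.partition(" ")
    # Constant-time comparison avoids leaking how many bytes matched.
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), secret)


def normalized(ts, nonce, method, path, host, port):
    # Simplified request string (assumed layout): one field per line.
    fields = [str(ts), nonce, method.upper(), path, host.lower(), str(port), ""]
    return "\n".join(fields)


def mac_sign(secret, ts, nonce, method, path, host, port):
    # MAC: the secret is only the HMAC key and is never sent.
    msg = normalized(ts, nonce, method, path, host, port).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_mac(secret, seen, now, ts, nonce, mac, method, path, host, port):
    """Return (ok, reason); `seen` is the server's set of used (ts, nonce)."""
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = mac_sign(secret, ts, nonce, method, path, host, port)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "bad signature"
    # Record the nonce only after the signature checks out, so an
    # unauthenticated sender cannot use up nonces.
    if (ts, nonce) in seen:
        return False, "replay"
    seen.add((ts, nonce))
    return True, "ok"
```

A captured Bearer header can be reused on any request until the secret is rotated, while a captured MAC value is bound to one method, path, host, timestamp and nonce.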