
Justin Richer

Author
since Jan 09, 2017
Recent posts by Justin Richer

Congratulations, everyone!
To do the whole OAuth 2 protocol, yes, all parts need to support it: client, authorization server, and protected resource. But one of the good things about OAuth 2, in my opinion, is the modularity of the system. You can use the "get a token" parts and then present the token in a different manner, like in https://tools.ietf.org/html/rfc7628 over GSSAPI. Or you can use some internal mechanism to get a token and then use the "use a token" portion apart from that. It's all up to your application how you want to put it together. But the thing is, in these other cases, I'd argue that you're no longer truly doing OAuth; you're doing "OAuth + something else". Which is fine and legal, of course, but the question is what you call that.

The real danger in the world is coming up with something that's "OAuth-like", as a proprietary solution is not likely to be as tested and vetted as the standard.