OAuth (Open Authorization Standard)
OAuth is an open authorization standard used to provide secure client application access to server resources. The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.
OAuth enables server owners to authorize access to the server resources without sharing credentials. This means the user can grant access to private resources from one server to another server resource without sharing their identity.
OAuth Solves Traditional Client-Server Authentication Issues
OAuth is designed to problems and limitations found in traditional client-server authentication model where third-party applications are required to store the resource owner’s credentials for future use and where resource owners cannot revoke access to an individual third party without revoking access to all third parties.
OAuth addresses these issues by introducing an authorization layer and separating the role of the client from that of the resource owner. Instead of using the resource owner’s credentials to access protected resources, the client obtains an access token, issued to third-party clients by an authorization server with the approval of the resource owner.
The OAuth Protocol
The OAuth 1.0 protocol (RFC5849), published as an informational document, was the result of a small ad hoc community effort. The OAuth 2.0 protocol is not backward compatible with OAuth 1.0.
OAuth Security Flaws
In May, 2014 a security flaw was discovered in the widely used OAuth and OpenID website authentication mechanisms. The flaw was not in OAuth 2, but was a result of how some businesses implemented the standards, primary in situations where open redirects were used. Following news of the security flaw, Google said it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks.
Read Also:
- VMware vSphere
A server virtualization platform from VMware. VMware vSphere debuted in 2009 as the successor to the company’s flagship VMware Infrastructure solution, and it serves as a complete platform for implementing and managing virtual machine (VM) infrastructure on a large scale. Also referred to as a cloud operating system or virtualized data center platform, VMware vSphere […]
- Ambidextrous Computing
A phrase coined by AMD to describe the bridging ARM and x86 systems (for CPUs and SoCs). The AMD CPU core design is compatible with the 64-bit ARMv8 instruction set and offers high-performance 64-bit ARM and x86 CPU cores paired with graphics. AMD’s ambidextrous computing roadmap includes “Project SkyBridge” – a new design framework, that […]
- Docker
An open-source project for automating the deployment of applications as portable, self-sufficient containers that can run virtually anywhere on any type of server. Docker serves as a lightweight alternative to full machine virtualization provided by traditional hypervisors like VMware’s ESXi, Xen or KVM. With a traditional hypervisor approach, each virtual machine (VM) needs its own […]
- iPad Mini 3
The Apple iPad Mini 3 is the third generation of Apple’s iPad Mini tablet computer and the successor to 2013’s iPad Mini with Retina Display. The Apple iPad Mini 3 debuted in October 2014 at the same time as the iPad Air 2, which serves as the successor to the iPad Air. The iPad Mini […]
- SoakSoak
SoakSoak is a strain of malware that leverages security vulnerabilities in a WordPress plug-in. These vulnerabilities are found in the RevSlider third-party plug-in, which is included in several popular themes for the open source blogging and content management system (CMS). SoakSoak can utilize these vulnerabilities on unpatched or out-of-date WordPress systems to connect with the […]