OAuth 2.0 Benefits and use cases - why?
I ask because I’m a bit confused about it - here are my current thoughts:
OAuth1 (more properly HMAC) requests seem logical, easy to understand, easy to develop and really, really safe.
OAuth2, rather, brings authorization requests, access tokens and refresh tokens, and you have to make 3 requests at the very start of a session to get the data you’re after. And even then, one of the requests will ultimately wind up failing when the token expires.
Also, to get another access token, you use a refresh token that was passed along at the same time as the access token. Does that make the access token futile from a safety standpoint?
Plus, as /r/netsec have shown recently, SSL isn’t totally safe, so the push to get everything onto TLS/SSL in place of a secure HMAC confuses me.
OAuth are arguing it’s not about 100% safety, but about getting it finished and published. That doesn’t exactly seem reassuring from the provider’s standpoint. I can see what the draft is trying to accomplish when it mentions the 6 different flows, but it is simply not fitting together in my head.
I believe it might be more my struggling to comprehend its advantages and thinking than actually disliking it, and this may be a bit of an unwarranted assault, and sorry if this seems like a rant.