Versions Compared

Version Old Version 2 New Version Current
Changes made by

Adam Clarke

Adam Clarke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

The OAuth 2.0 Specification describes four methods (flows) for obtaining access tokens

  1. Authorization Code (3-leggedparty) http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.2
  2. Implicit Grant  http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.1
  3. Resource Owner Password Credentials  http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.3
  4. Client Credentials (2-leggedpartyhttp://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.4

...

Resource Owner Password Credentials (ROPC.)  Writing credential vault code to safely enter/store/manage user credentials for external servers is beyond the scope of the OAuth 2.0 client.  HOWEVER, if there was a credential vault in shindig a ROPC flow handler could be injected into the system.

Client Credentials can also could be handled rather simply and was implemented and test tested in this reference implementation.