Instead, she authenticates directly with a server trusted by the photo-sharing service (authorization server), which issues the printing service delegation specific credentials (access token).
#Dnc server not real password#
Here is an example application given on page 5 of the specification RFC 6749 :įor example, an end-user (resource owner) can grant a printing service (client) access to her protected photos stored at a photo- sharing service (resource server), without sharing her username and password with the printing service.
OAuth Server by DnC is built on the OAuth 2.0 architecture. (publié initialement le mercredi 24 avril 2019) Why an authentication server ? # vendredi In a nutshell for developers : An OAuth 2.0 + OpenID Connect server allows end-user authentication to be delegated to an independent system so that you can safely let them navigate in your applications you will place great trust in the real identity of the users you will also be able to authenticate access to distributed resources (for example in the Cloud) in what can be likened to a virtual session, identified by the ID Token. With OAuth by DnC, your password can not be intercepted when you enter it, does not circulate on the Internet, is not registered anywhere ! Theese applications will not be able to access your personal identifiers (login and password). In a few words for users : After a single authentication procedure, you will be automatically connected to the applications. On the one hand, security will depend on what applications and services do with this information, on the other hand, their intrinsic security as well as that of the network. By nature, the protocol provides single sign-on of the user to different applications (SSO).ĭisclaimer : It is important to note that OpenID Connect, like any other authentication system, does not ensure the security of applications or data services, but provides them with more complete and reliable information about the end user than simpler methods. OpenID Connect allows applications to verify the identity of the end user based on authentication performed by an authorization server, as well as obtain end user information.
0 kommentar(er)
