Anthony Lucia
asked on
OAuth
I have been reading about OAuth, and am not quite sure I understand.
From what I read, the following is what I think is going on:
The client (someone with a browser) tries to access a web service. The Web Service routes the request to an Identity Provider (or Authentication server). The user logs into the Identity provider. The Identity provider sends a token to the web service. This token says the user is trusted, and can stay logged in. The web service can now check the token to see what actions the user is authorized for.
Is this correct? Am I missing something?
Is there encryption involved? If so, where?
Thanks