Timeline for OAuth2 ROPC vs Basic Auth for public REST APIs?
Current License: CC BY-SA 3.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 7, 2021 at 7:34 | history | edited | CommunityBot | replaced https://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc | |
| Mar 14, 2019 at 6:13 | comment | added | Arun Avanathan | How could we use OAuth if user (Resource Owner) doesn't have any credentials with an external Authorization server, but he has credentials in the Client application? That is we have Resource Owner (user), The Client (representing the user & also containing credentials for user) and Resource Server. How can a Resource Server authenticate & authorize the user? | |
| Feb 26, 2019 at 20:23 | comment | added | eel ghEEz | Thanks for a wide angle, but I don't think these advantages, (a) letting the user agent hold just the token instead of the password, (b) allowing a password change without disrupting existing client apps, (c) allowing users log out other sessions are specific to token authentication flows. Neither Basic nor token authentications mention functions (b) and (c) in their specs. Implementing (b) and (c) seems possible for any kind of authentication. It would involve keeping track of passwords (preferably their hashes). The advantage (a) seems dependant on the wider scope of the password. | |
| Oct 13, 2015 at 8:17 | vote | accept | smeeb | ||
| Sep 26, 2015 at 3:09 | history | bounty awarded | CommunityBot | ||
| Sep 25, 2015 at 3:14 | history | edited | Omer Iqbal | CC BY-SA 3.0 | added 4 characters in body |
| Sep 24, 2015 at 17:03 | history | edited | Omer Iqbal | CC BY-SA 3.0 | deleted 26 characters in body |
| Sep 24, 2015 at 7:05 | history | edited | Omer Iqbal | CC BY-SA 3.0 | added 482 characters in body |
| Sep 24, 2015 at 3:26 | history | edited | Omer Iqbal | CC BY-SA 3.0 | deleted 2 characters in body |
| Sep 24, 2015 at 3:15 | history | edited | Omer Iqbal | CC BY-SA 3.0 | added 349 characters in body |
| Sep 23, 2015 at 18:42 | history | edited | Omer Iqbal | CC BY-SA 3.0 | Added more on token issuance |
| Sep 23, 2015 at 6:35 | history | edited | Omer Iqbal | CC BY-SA 3.0 | added 44 characters in body |
| Sep 23, 2015 at 6:30 | history | edited | Omer Iqbal | CC BY-SA 3.0 | added 44 characters in body |
| Sep 23, 2015 at 6:24 | history | answered | Omer Iqbal | CC BY-SA 3.0 |