Hi all, I have a question about the OAuth RFC.

I'm reading this RFC on OAuth: http://tools.ietf.org/html/rfc6749

I get to this point:

> In the traditional client-server authentication model, the client requests an access-restricted resource (protected resource) on the server by authenticating with the server using the resource owner's credentials. In order to provide third-party applications access to restricted resources, the resource owner shares its credentials with the third party. This creates several problems and limitations:

Who would be the resource owner in this case? The client? I see primarily 3 parties involved: the host, the client and the 3rd party that wants what the client has access to. This is how I view this universe based on reading that paragraph.

+--------+       +----------------+       +-----------------+
| Client | --- > | Resource Owner | --- > | Resource Server |
+--------+       +----------------+       +-----------------+

So, let's say that the "Resource Server" is Facebook and the "Resource Owner" is Bob (he posts pictures and greets his friends on there), but he would like to give access to a Desktop app -- the "Client" -- to collect some metrics on his media (the scope of this access can be defined). So, "Resource Owner" Bob would log into "Resource Server" Facebook, generate a token and paste it into the "Client" Desktop app and have that little puppy go on its merry way.

Is my explanation sensible? Am I missing something?
