Please clarify what you're asking, if you would: There are two kinds of authentication which happen with OAuth: client authentication and user authentication, and neither of which are standardized on two-way TLS.
Client authentication happens at the token endpoint and is described in section 2.3, which recommends use of HTTP Basic but allows for form parameters or other, out-of-scope methods such as client assertions. User authentication happens at the authorization endpoint and is completely outside of the scope of OAuth (by design). You can use whatever means you like to authenticate the user here, from a local username/password, OpenID, SAML, NTLM, whatever. OAuth makes no assumptions about how that happens and makes no recommendations, either. -- Justin On Wed, 2011-11-02 at 16:59 -0400, Elliot Cameron wrote: > What are some common or suggested authentication methods that are used > in conjunction with OAuth 2.0? > Is TLS/SSL the only standard one or do people normally roll their own > authentication within OAuth's flows? > > Elliot Cameron > > Covenant Eyes Software Developer > > [email protected] > > 810-771-8322 > > > Call 810-771-8322 > Phone to call with > Covenant Eyes > > > > Connect > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
