That probably depends on what authentication you are asking about. Authentication of the client to the protected resource has two profiles MAC & Bearer. Authentication of the client to the Token Endpoint has an example in the OAuth spec using client_id and a symmetric secret. That is extensible and openID Connect defines an additional method using asymmetric keys.
Authentication of the resource owner to the authorization server is roll your own:) Authentication of the Authorization server/token endpoint/protected resource to the client is TLS for the most part. Regards John B. On 2011-11-02, at 5:59 PM, Elliot Cameron wrote: > What are some common or suggested authentication methods that are used in > conjunction with OAuth 2.0? > Is TLS/SSL the only standard one or do people normally roll their own > authentication within OAuth's flows? > > Elliot Cameron > Covenant Eyes Software Developer > [email protected] > 810-771-8322 > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
