Start a topic about the product "OAuth" in the OAuth community See all products and services

Ask a question Share an idea Report a problem Share some praise

Recently active topics in OAuth

Browse by

Chris Wee
6 people have this question 1 Reply

How does OAuth compare with Kerberos?
Show more... ...Show less

How does OAuth compare with ticket granting services like Kerberos?

I understand that OAuth is like the ticket granting service (TGS) in Kerberos.
What about the other parts? Can OAuth be organized into domains?
Can TGS be delegated, in addition to primary services?

Are the threat models the same? Are the protection models the same?
If the comparison hasn't been made, does anyone think it is worthwhile to study this?

-chris

Reply to this question

josephholsten last replied on October 12, 2008 11:23
Jacob Gyllenstierna
1 Reply

Can OAuth be used for file upload?
Show more... ...Show less

How would I sign a request if it contains a file upload parameter, that in my case could be 100+ MB?

Does the specification (or an extension of it) support specifying parameters that do not need to be part of the signature so the server can ignore them?

Reply to this question

blaine (Official Rep) last replied on August 11, 2008 15:59
Ram
1 Reply

Registration with OAuth SP
Show more... ...Show less

Hi,
Does OAuth consumer required to register itself with consumer key and secrete priore to miking any OAuth Request

- Ram

Reply to this question

Chris Messina (Official Rep) last replied on July 25, 2008 22:20
RickMeasham
2 people have this question 1 Reply

Is OAuth an appropriate authorization tool when there is no end-user authorization, just consumer level?
Show more... ...Show less

I have an application for which I'm adding an API. OAuth seems like a good idea as there are libraries around the place already. However, I don't need the token exchange and end-user verification. If the consumer gives me the right key for the provided signature, then that's as far as I need to go.

It seems that the 'request token' part of the process is as far as I need to go so long as I can add other request variables into it.

Reply to this question

Nick Floyd last replied on July 18, 2008 16:19
Gabe Wachob
2 people have this problem 2 Replies

OAuth.net site is down
Show more... ...Show less

The Oauth.net web site is down again...

Reply to this problem

The company marked this problem solved

Chris Messina (Official Rep) last replied on July 08, 2008 23:58
Jonathan
4 Replies

OAuth has nebulous licensing
Show more... ...Show less

OAuth has nebulous licensing.

It was not until Gabriel Wachob pointed me to this external document:

https://agree2.com/declarations/oauth...

That I found licensing on the specification. That should be on the spec itself - and it would be great to see it on the site too.

I don't care about the non-assertion -- I just care about the spec. The placement of the specification under that Creative Commons license is imperative so that people can legally redistribute the spec for reference.

Reply to this problem

The company is working on this problem

Jonathan last replied on July 11, 2008 16:00
John
1 Reply

How does OAuth compare and contrast with OpenID
Show more... ...Show less

How does OAuth compare and contrast with OpenID?

I understand that OpenID provides a way for a user to provide a distributed authentication mechanism, which OAuth covers as well. I also believe that OAuth goes further in some respects by documenting things that OpenID leaves up to the providers. Is this accurate?

Are there any other ways that these two systems compare and contrast?

Reply to this question

Chris Messina (Official Rep) last replied on April 16, 2008 21:13