Hello there,

I have a question regarding Authentication:

The following two scenarios, are they typical use cases for OAuth? Or
OpenID Connect? Or something completely different?

Flow (A) would be like this:
(1) Client calls Business Logic Server
(2) Server detects there’s no Access Token in HTTP headers
(3) Server redirects to *some* Authentication Server
(4) Authentication Server challenges Client for Username/Password
(5) Client (now with valid Access Token) is redirected to Business Logic
Server and completes operation

Flow (B) would look like this:
(1) Client directly calls Authentication Server (kinda explicit Login call)
with Username/Password and gets an Access Token in return
(2) Client uses this Access Token for all calls to the Business Logic Server

cheers,
Frizz
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
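
The two flows from the message above, as an added example that is not part of the original post: an in-memory Authentication Server and Business Logic Server exercised by both flows. The `Bearer` header scheme, the `return_to` parameter, the `auth.example` URL and the direct hand-over of the token to the client in flow (A) are assumptions, since the post does not specify them.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

USERS = {"frizz": "correct horse"}            # constructed sample credentials
AUTH_LOGIN = "https://auth.example/login"     # hypothetical Authentication Server URL

class AuthServer:
    def __init__(self):
        self.tokens = {}                      # issued access token -> username

    def login(self, username, password):
        """Check username/password (A4, B1); return an access token or None."""
        expected = USERS.get(username)
        if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(16)
        self.tokens[token] = username
        return token

class BusinessServer:
    def __init__(self, auth):
        self.auth = auth

    def handle(self, path, headers):
        """Serve the call only if the Authorization header holds a known token."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        user = self.auth.tokens.get(token) if scheme == "Bearer" else None
        if user is None:                      # A2/A3: no valid token, redirect
            return 302, {"Location": AUTH_LOGIN + "?" + urlencode({"return_to": path})}
        return 200, {"body": f"{path} done for {user}"}

def flow_a(biz, auth, username, password, path="/orders"):
    """Redirect-driven login; returns (list of HTTP statuses, final body)."""
    status, resp = biz.handle(path, {})                        # A1: no token yet
    statuses = [status]
    back = parse_qs(urlparse(resp["Location"]).query)["return_to"][0]
    token = auth.login(username, password)                     # A4
    if token is None:
        return statuses, None                                  # login refused
    status, resp = biz.handle(back, {"Authorization": "Bearer " + token})  # A5
    return statuses + [status], resp.get("body")

def flow_b(biz, auth, username, password, path="/orders"):
    """Explicit login first; returns (list of HTTP statuses, final body)."""
    token = auth.login(username, password)                     # B1
    if token is None:
        return [], None
    status, resp = biz.handle(path, {"Authorization": "Bearer " + token})  # B2
    return [status], resp.get("body")
```

In both flows the Business Logic Server only ever sees the token, never the password; the flows differ in whether the first business call happens before or after the login.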
