+1
JB.
> On Jul 2, 2015, at 1:33 PM, Adam Lewis
> wrote:
>
> Hi Lisa,
>
> From the perspective of OAuth, there is ALWAYS a client (even if it is
> running on a server). Of your two servers, one is exposing an API (so this
> will be your RS), and the other server is a client of that API, so
Hi Lisa,
From the perspective of OAuth, there is ALWAYS a client (even if it is
running on a server). Of your two servers, one is exposing an API (so this
will be your RS), and the other server is a client of that API, so that
will be your Client. So it is still a client-server communication.
S
Using Bearer tokens with refresh tokens is a valid use case for
server-to-server and has the same nice properties that it does for users, in
that it applies a single control point for revoking access. Using Bearer
tokens has very different security properties than OAuth 1.0a and you should
ca
Hi All
This is Lisa.
Our project is adopting OAuth 2 as authentication specification.
For the client-server communication, OAuth token works fine. But we have some
cases of server to server communication, usually it will be multiple tasks
running in parallel or sequence or even in multiple threa