That probably depends on what authentication you are asking about.
Authentication of the client to the protected resource has two profiles: MAC &
Bearer.
Authentication of the client to the Token Endpoint has an example in the OAuth
spec using client_id and a symmetric secret.
That is extensible
Please clarify what you're asking, if you would: There are two kinds of
authentication which happen with OAuth: client authentication and user
authentication, neither of which is standardized on two-way TLS.
Client authentication happens at the token endpoint and is described in
section 2.3,
What are some common or suggested authentication methods that are used in
conjunction with OAuth 2.0?
Is TLS/SSL the only standard one or do people normally roll their own
authentication within OAuth's flows?
Elliot Cameron
Covenant Eyes Software Developer
elliot.came...@covenanteyes.com