[Figure: OAuth roles. Resource Owner; Client Application (e.g. photoprinting.com); OAuth Server, which authenticates and authorizes; Resource Server (e.g. photos from "photos.com").]
• Mobile OAuth
• Adding Oracle’s extensions to OAuth Protocol
• Supporting Native Apps on popular Mobile OS Platforms
• Covered by another set of slides
• Assertion Framework
• Client Assertion
• (Authorization) Assertion
• Support multiple formats: JWT and SAML
• Extended Grants
• Depends on server and deployment needs
• E.g. for Oracle to support OAM tokens
• Authorization Endpoint
• Front channel
• Reached through the browser (redirects)
• End-user authenticates
• End-user gives consent (authorization decisions)
• Token Endpoint
• Back channel
• Direct HTTP request from the client to the OAuth Server, not through the browser
• Client authenticates
• Issues tokens
Token request body (authorization code grant, POSTed by the client to the Token Endpoint):
grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Authorization request (implicit grant, response_type=token, sent through the browser to the Authorization Endpoint):
https://server.example.com/ms_oauth/oauth2/endpoints/oauthservice/authorize?response_type=token&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=profile&state=af0ifjsldkj
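The two legs above, front channel and back channel, as an added Python example (not code from the slides or from Oracle). It uses the endpoint paths shown on the slides; the client_id, redirect URI, scope and the use of response_type=code are sample values assumed for the example. The point it adds is the check the client must make when the browser comes back: the callback must land on the registered redirect_uri and carry the same state the client stored in the user's session, otherwise the code is not bound to this session and must be discarded.

```python
import secrets
import urllib.parse

# Endpoint paths are the ones shown on the slides; client_id, redirect URI
# and scope are sample values (assumptions for this example).
AUTHORIZE_URL = "https://server.example.com/ms_oauth/oauth2/endpoints/oauthservice/authorize"
TOKEN_URL = "https://server.example.com/ms_oauth/oauth2/endpoints/oauthservice/tokens"
CLIENT_ID = "s6BhdRkqt3"
REDIRECT_URI = "https://client.example.com/cb"


def new_state() -> str:
    """Unguessable per-request value; the client keeps it in the user's session."""
    return secrets.token_urlsafe(24)


def build_authorize_url(state: str, scope: str = "profile") -> str:
    """Front channel: the URL the client redirects the browser to."""
    params = {
        "response_type": "code",  # authorization code grant (the slides' URL uses "token")
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Front channel, return leg: the OAuth Server redirects the browser back to
    redirect_uri with ?code=...&state=...  The code is accepted only if the
    callback landed on the registered URI and state matches the stored value."""
    parts = urllib.parse.urlsplit(callback_url)
    landed_on = urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    if landed_on != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect_uri")
    query = urllib.parse.parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not bound to this session (possible CSRF)")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


def build_token_request(code: str) -> str:
    """Back channel: form body the client POSTs directly to TOKEN_URL
    (Content-Type: application/x-www-form-urlencoded) together with its own
    client credentials. redirect_uri must repeat the front-channel value."""
    return urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    })


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url(st))
    # Constructed callback, as the browser would deliver it after consent:
    cb = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={st}"
    code = parse_callback(cb, st)
    print("POST", TOKEN_URL)
    print(build_token_request(code))
```

The token request body produced by build_token_request is the same shape as the authorization_code body on the slide; the state comparison is constant-time and the redirect_uri comparison is exact, not a prefix match.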
JWT header segment (decoded):
{ "typ":"JWT","alg":"HS256" }
Token request body, client credentials grant:
grant_type=client_credentials&scope=cloud.storage.read

Token request body, resource owner password credentials grant:
grant_type=password&username=johndoe&password=A3ddj3w&scope=social.photo.read

Client credentials grant, client authenticated with a JWT client assertion:
grant_type=client_credentials&scope=cloud.storage.read&client_id=xxxClientIdxxx&client_assertion=xxxClientAssertionxxx&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer

JWT bearer grant (user assertion as the grant), client authenticated with a JWT client assertion:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=xxxUserAssertionxxx&client_id=xxxClientIdxxx&client_assertion=xxxClientAssertionxxx&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&scope=user.photo.write
Client credentials grant, client authenticated with a SAML 2.0 client assertion:
POST /ms_oauth/oauth2/endpoints/oauthservice/tokens HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=cloud.storage.read&client_id=xxxClientIdxxx&client_assertion=xxxClientAssertionxxx&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Asaml2-bearer

SAML 2.0 bearer grant (user assertion as the grant), client authenticated with a SAML 2.0 client assertion:
POST /ms_oauth/oauth2/endpoints/oauthservice/tokens HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&assertion=xxxUserAssertionxxx&client_id=xxxClientIdxxx&client_assertion=xxxClientAssertionxxx&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Asaml2-bearer&scope=user.photo.write
grant_type=client_credentials
grant_type=password&username=john&password=welcome1
Token response to a client assertion request (the oracle_* fields are Oracle extensions):
{
"oracle_client_assertion_type":"urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"expires_in":28800,"token_type":"Bearer",
"oracle_tk_context":"client_assertion",
"refresh_token":"...Refresh Token for Client Assertion ...",
"access_token":"...Client Assertion..."
}

Token response to a user assertion (jwt-bearer grant) request:
{
"expires_in":28800,
"token_type":"Bearer",
"oracle_tk_context":"user_assertion",
"oracle_grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer",
"access_token":"...JWT User Assertion..."
}
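The JWT client assertion flow, covering the jwt-bearer request bodies and the token responses above, as an added Python example (not code from the slides or from Oracle, standard library only). The header is the HS256 header shown on the slides; the claim set (iss/sub = client_id, aud = token endpoint, short exp, jti), the shared secret and the jti value are assumptions for the example. The server-side check pins the algorithm before verifying: the alg in the header is compared against what the server expects and is never used to select the verifier, and signature, audience and expiry are all enforced. One practitioner caveat: with HS256 the OAuth Server holds the same secret the client signs with; an asymmetric algorithm such as RS256 keeps the signing key on the client only, at the cost of a public-key lookup on the server.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.parse

# Values from the slides: the token endpoint path and the two URNs.
TOKEN_ENDPOINT = "https://server.example.com/ms_oauth/oauth2/endpoints/oauthservice/tokens"
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_client_assertion(client_id: str, secret: bytes, now: int,
                          ttl: int = 300, jti: str = "n-0S6_WzA2Mj") -> str:
    """Client side: HS256 JWT (the header on the slides) proving the client's identity.
    Assumed claim set: iss/sub = client_id, aud = token endpoint, short exp, unique jti."""
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": client_id, "sub": client_id, "aud": TOKEN_ENDPOINT,
              "iat": now, "exp": now + ttl, "jti": jti}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_client_assertion(token: str, secret: bytes, now: int) -> dict:
    """Server side: alg pinned to HS256, then signature, audience and expiry enforced."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":          # header alg is checked, never trusted
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("aud") != TOKEN_ENDPOINT:
        raise ValueError("assertion not addressed to this token endpoint")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("assertion expired")
    return claims


def build_jwt_bearer_request(client_id: str, client_assertion: str,
                             user_assertion: str, scope: str) -> str:
    """Body of the slides' jwt-bearer grant request: the user assertion is the
    grant, the client assertion authenticates the client."""
    return urllib.parse.urlencode({
        "grant_type": JWT_BEARER_GRANT,
        "assertion": user_assertion,
        "client_id": client_id,
        "client_assertion": client_assertion,
        "client_assertion_type": CLIENT_ASSERTION_TYPE,
        "scope": scope,
    })


def parse_token_response(body: str) -> dict:
    """Reads the token endpoint's JSON reply, including the oracle_* extension fields."""
    resp = json.loads(body)
    if resp.get("token_type") != "Bearer" or "access_token" not in resp:
        raise ValueError("not a bearer token response")
    return {"access_token": resp["access_token"], "expires_in": int(resp["expires_in"]),
            "context": resp.get("oracle_tk_context"), "refresh_token": resp.get("refresh_token")}


# Constructed sample reply, in the shape of the user assertion response on the slides.
SAMPLE_RESPONSE = ('{"expires_in":28800,"token_type":"Bearer","oracle_tk_context":"user_assertion",'
                   '"oracle_grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer",'
                   '"access_token":"...JWT User Assertion..."}')

if __name__ == "__main__":
    secret = b"client-shared-secret"   # assumption: a secret registered with the OAuth Server
    now = int(time.time())
    ca = mint_client_assertion("xxxClientIdxxx", secret, now)
    print(verify_client_assertion(ca, secret, now))
    print(build_jwt_bearer_request("xxxClientIdxxx", ca, "xxxUserAssertionxxx", "user.photo.write"))
    print(parse_token_response(SAMPLE_RESPONSE))
```

The request body produced by build_jwt_bearer_request matches the jwt-bearer body on the slides field for field (the URNs are percent-encoded by urlencode). The jti is what lets the server reject a replayed assertion; a real deployment would store seen jti values until their exp passes.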