Tag Archives: secret

How OAuth 2 trumps Basic authentication

Many criticisms have been raised against OAuth 2 in the past. While some points of contention may remain, one area seems clear: the “Resource Owner Password Credentials Grant” pattern, as defined in the OAuth 2 spec (section 4.3), is fundamentally superior to HTTP Basic authentication.

This pattern describes gaining access to server resources directly. The approach might be used when you are securing your own resources; for instance, when your mobile app accesses your own API.