/2013/07/10/oauth-2-trumps-basic-authentication/?utm_source=rss&utm_medium=rss&utm_campaign=oauth-2-trumps-basic-authentication Everything about API User Experience Thu, 29 Oct 2015 17:48:50 +0000 hourly 1 https://wordpress.org/?v=5.8.6 /2013/07/10/oauth-2-trumps-basic-authentication/#comment-9889 Thu, 29 Oct 2015 17:48:50 +0000 /?p=390#comment-9889 SSL + Basic Auth if using server cert pinning or a 3rd party signed cert shouldn’t be an issue. Is only when you pass the exchange self signed public key in the open that contain the risk.

]]> /2013/07/10/oauth-2-trumps-basic-authentication/#comment-463 Thu, 08 May 2014 21:06:32 +0000 /?p=390#comment-463 Hi,
I think the last line of the “RESTful Web Services Cookbook” excerpt is actually about OAUTH v1 where the AT secret is used in the signed part of the request. OAUTH v2 has no AT-secrets and signing is solely done byTLS.

]]> /2013/07/10/oauth-2-trumps-basic-authentication/#comment-337 Tue, 21 Jan 2014 10:28:08 +0000 /?p=390#comment-337 […] http://developer.github.com/v3/ [2] /2013/07/10/oauth-2-trumps-basic-authentication/ [3] […]

]]> /2013/07/10/oauth-2-trumps-basic-authentication/#comment-324 Tue, 24 Dec 2013 02:28:20 +0000 /?p=390#comment-324 […] for a token that can be used to authenticate (and authorize) subsequent requests. This is an alternative to Basic Auth, slightly better in the sense that you just include credentials on the first call (thus you […]

]]> /2013/07/10/oauth-2-trumps-basic-authentication/#comment-209 Mon, 15 Jul 2013 17:49:33 +0000 /?p=390#comment-209 […] The Resource Owner Password Credentials Grant pattern defined in the OAuth 2 spec is fundamentally superior to HTTP Basic authentication.  […]

]]> /2013/07/10/oauth-2-trumps-basic-authentication/#comment-206 Thu, 11 Jul 2013 11:28:10 +0000 /?p=390#comment-206 […] How OAuth 2 trumps Basic authentication (@jason_h_austin) (John Sheehan) […]

]]>