I posted the concept of OAuth last time, so let's go into more detail.
OAuth 1.0 has a lot of security issues.
OAuth 1.0a (RFC 5849) is stable and has self-encrypting capabilities, which eliminates the need for HTTPS.
OAuth 2.0 (RFC 6749, RFC 6750) is significantly different from OAuth 1.0, with both the basic specifications and additional specifications being standardized.
OAuth 1.0 and 2.0 are incompatible.
Services that use OAuth 1.0a include Twitter, Netflix, and Naver.
Services that use OAuth 2.0 include Facebook, Google, and T-Story.
In OAuth 1.0, the header was changed to OAuth and the parameter was renamed from oauth_token to access_token.
OAuth 2.0 provides scalability and support for various tokens by separating the authorization server.
We used HMAC-SHA1, but now we use cURL, Postman, REST Console, and REST Client.