OAuth Authentication
ISAM supports OAuth 2.0 authentication. The implementation of OAuth in ISAM strictly follows the OAuth standards.
OAuth is an HTTP-based authorization protocol. It gives third-party applications scoped access to a protected resource on behalf of the resource owner by creating an approval interaction between the resource owner, the client, and the resource server. Users can share their private resources between sites without providing user names and passwords.
WebSEAL provides two different mechanisms by which it can validate OAuth tokens:
- ws-trust authentication
  Authentication details are passed to a server for verification using the ws-trust protocol. This is a legacy mechanism supported by IBM Security Verify Access and was previously known as oauth-auth.
- OAuth introspection
  Authentication details are passed to a server for verification using an OAuth introspection endpoint.
For a complete description of the OAuth specifications, see the OAuth website: http://www.oauth.net
For more general information about OAuth support in ISAM, see OAuth 2.0 and OIDC support.
- Sample OAuth flow
  The OAuth authentication supported by ISAM is OAuth version 2.0. The access token must be provided in an HTTP header named Authorization. Other forms of providing the access token are not supported. Here is a typical workflow to make use of OAuth authentication.
- ws-trust authentication
  Authentication details are passed to a server for verification using the ws-trust protocol. This is a legacy mechanism supported by IBM Security Verify Access and is also known as oauth-auth.
- OAuth Introspection
  Authentication details are passed to a server for verification using an OAuth introspection endpoint.
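The header-only token rule and the introspection check described above, as an added example that is not IBM's code and does not reproduce WebSEAL internals. It assumes the Bearer scheme from RFC 6750 and the response fields from RFC 7662 (`active`, `exp`, `scope`); all function names are hypothetical and `fake_introspect` is a constructed stand-in for the introspection endpoint.

```python
import json
import time
from urllib.parse import urlencode

def bearer_token(headers):
    """Return the token from a single 'Authorization: Bearer <token>' header, else None."""
    values = [v for k, v in headers if k.lower() == "authorization"]
    if len(values) != 1:            # missing, or duplicated (ambiguous) header
        return None
    parts = values[0].split(" ")
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1]:
        return None
    return parts[1]

def introspection_body(token):
    """Form-encoded body of the RFC 7662 introspection POST (assumed parameters)."""
    return urlencode({"token": token, "token_type_hint": "access_token"})

def token_grants(response_text, required_scope, now=None):
    """Decide from the introspection response whether the token allows required_scope."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(response_text)
    except ValueError:
        return False                # fail closed on an unparsable response
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False
    scope = claims.get("scope", "")
    return isinstance(scope, str) and required_scope in scope.split()

def authorize(headers, introspect, required_scope, now=None):
    """headers: list of (name, value) pairs; introspect: callable(body) -> response text."""
    token = bearer_token(headers)
    if token is None:               # tokens in query strings or bodies are never read
        return False
    return token_grants(introspect(introspection_body(token)), required_scope, now)

# Constructed stand-in for the introspection endpoint (no network access).
def fake_introspect(body):
    if body == introspection_body("good-token"):
        return json.dumps({"active": True, "scope": "read write", "exp": 2000})
    return json.dumps({"active": False})
```

In a real deployment the `introspect` callable would POST the body over TLS to the introspection endpoint, authenticating itself as RFC 7662 requires.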