Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Which Grant, Which Identities – Back from RSA

DZone's Guide to

Which Grant, Which Identities – Back from RSA

· Integration Zone ·
Free Resource

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

I had the pleasure of discussing REST access control patterns with Enterprise Architects and partnering technology folks a while back. I also had the opportunity to present on this topic and one of the questions that came up afterwards was from a security architect who was unsure whether OAuth would be a good fit for some existing APIs that they have because those APIs happen to be consumed from two very different sources:

  1. From the inside, by internal applications that do not act on behalf of a particular subscriber but from the provider’s perspective

  2. From the outside, by applications that act on behalf of individual subscribers

OAuth 2.0 provides 4 core grant types that address different situations. In the case of the example described above, you could use the client creds grant type for the first type of access. It should be possible to permit different scopes to different client ids. The internal client ids would be allowed to request wider scopes. For the second type of consumption, the external one, any of the other 3 grant types could be applicable.

Image

Hope to see you at RSA next year.

Download A Buyer's Guide to Application and Data Integration, your one-stop-shop for research, checklists, and explanations for an application and data integration solution.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}