What OAuth 2.0 isn’t

Sid
Mar 13, 2022
  1. Not defined outside of HTTP (it isn’t meant to be used outside HTTPS)
  2. Not an authentication protocol
  3. Doesn’t define a mechanism for user-to-user delegation
  4. Doesn’t define an authorization processing mechanism
  5. Doesn’t define a token format (token content is opaque to the client application)
  6. Defines no cryptographic methods
  7. Not a single protocol (it is split into multiple definitions and flows)
