OAuth 1.0 (Open Authorization), as specified in RFC 5849,
is an HTTP-based authorization protocol. OAuth 1.0 support makes it
possible for users to share their private resources between sites
without giving out their user names and passwords. Private resources can be anything,
but common examples include photos, videos, and contact lists.
The OAuth 1.0 function of the Tivoli® Federated
Identity Manager can be configured through
the following methods:
- Tivoli Federated Identity Manager console
- Command-line interface
OAuth 1.0 workflow
An OAuth
server issues tokens to OAuth clients. OAuth clients can access resources
on behalf of the resource owner using tokens that have scope, lifetimes,
and other attributes.
The OAuth 1.0 protocol runtime workflow diagram shows
the following steps:
- The OAuth client requests a set of temporary credentials from
the OAuth server to start the authentication process. Temporary credentials
distinguish individual OAuth client requests to the OAuth server.
- The OAuth server validates the request and returns a set of temporary
credentials to the OAuth client.
- The OAuth client redirects the resource owner to the authorized
URI to obtain the approval to access the protected resource.
- The resource owner authenticates with the OAuth server using its
client credentials and authorizes the request from the OAuth client.
- The OAuth server validates the temporary credentials and, after
the resource owner authorizes the OAuth client, generates a verification
code.
- The resource owner is redirected to the callback URI provided
by the OAuth client in the previous request.
- The OAuth client requests the access token using the temporary
credentials and verification code.
- The OAuth server validates the request and returns an access token
to the OAuth client to access the protected resource.
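The first two steps of this workflow, the client's signed request for temporary credentials and the server's validation of it, as an added Python example that is not part of this documentation or of Tivoli Federated Identity Manager: it builds the RFC 5849 signature base string and HMAC-SHA1 signature, and the in-memory server rejects stale timestamps, replayed nonces and tampered parameters before issuing temporary credentials. The server class and its checks are this example's own design; the client key, secret, callback and endpoint values used below follow the introductory example in RFC 5849 section 1.2.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(s):  # RFC 5849 section 3.6: only unreserved characters stay bare
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # RFC 5849 section 3.4.1: method, base URI and the sorted, encoded parameter set
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(method, url, params, client_secret, token_secret=""):
    # HMAC-SHA1 over the base string, keyed with "client_secret&token_secret"
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def client_temp_request(client_key, client_secret, url, callback, now):
    # Step 1: the client builds and signs its temporary credentials request
    params = {"oauth_consumer_key": client_key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(now)), "oauth_nonce": secrets.token_hex(8),
              "oauth_callback": callback}
    params["oauth_signature"] = sign("POST", url, params, client_secret)
    return params

class OAuthServer:  # hypothetical in-memory server, not the product's implementation
    def __init__(self, clients, window=300):
        self.clients = clients        # client identifier -> client shared secret
        self.window = window          # accepted clock skew in seconds
        self.seen_nonces = set()      # (client, timestamp, nonce) already accepted
        self.temp_credentials = {}    # temporary token -> (client, secret, callback)

    def temporary_credentials(self, method, url, params, now=None):
        # Step 2: validate the signed request, then issue temporary credentials
        now = time.time() if now is None else now
        cid = params.get("oauth_consumer_key")
        if cid not in self.clients or "oauth_callback" not in params:
            return None
        if abs(now - int(params.get("oauth_timestamp", "0"))) > self.window:
            return None               # stale or future-dated request
        nonce_key = (cid, params.get("oauth_timestamp"), params.get("oauth_nonce"))
        if nonce_key in self.seen_nonces:
            return None               # replay of an already accepted request
        expected = sign(method, url, params, self.clients[cid])
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return None               # bad signature: reject before changing any state
        self.seen_nonces.add(nonce_key)
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.temp_credentials[token] = (cid, secret, params["oauth_callback"])
        return {"oauth_token": token, "oauth_token_secret": secret, "oauth_callback_confirmed": "true"}
```

The issued temporary token is what the client carries into the redirect and the later access token request; the same `sign` function, with the temporary token secret as `token_secret`, signs that request.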