IBM Tivoli Federated Identity Manager, Version 6.2.2

OAuth 1.0 workflow

OAuth 1.0 (Open Authorization), as specified in RFC 5849, is an HTTP-based authorization protocol. OAuth 1.0 support makes it possible for users to grant one site access to their private resources on another site without sharing their user names and passwords. Private resources can be anything, but common examples include photos, videos, and contact lists.

The OAuth 1.0 function of the Tivoli® Federated Identity Manager can be configured through the following methods:

OAuth 1.0 workflow

An OAuth server issues tokens to OAuth clients. An OAuth client uses those tokens to access protected resources on behalf of the resource owner; each token carries a scope, a lifetime, and other attributes.

This diagram shows the OAuth 1.0 protocol workflow.

The OAuth 1.0 protocol runtime workflow involves the following steps:
  1. The OAuth client requests a set of temporary credentials from the OAuth server to start the authorization process. The request is signed with the client credentials and includes the callback URI of the OAuth client. The temporary credentials identify this authorization request and distinguish it from other requests that the same OAuth client sends to the OAuth server.
  2. The OAuth server validates the request and returns a set of temporary credentials (a temporary token and its shared secret) to the OAuth client.
  3. The OAuth client redirects the resource owner to the resource owner authorization URI of the OAuth server, passing the temporary token, to obtain approval to access the protected resource.
  4. The resource owner authenticates with the OAuth server using the resource owner's own credentials (not the client credentials) and authorizes the request from the OAuth client.
  5. The OAuth server validates the temporary credentials and, after the resource owner authorizes the OAuth client, generates a verification code.
  6. The OAuth server redirects the resource owner to the callback URI that the OAuth client provided in the temporary credentials request (step 1), passing the temporary token and the verification code.
  7. The OAuth client requests an access token from the OAuth server, signing the request with the client credentials and the temporary credentials and including the verification code.
  8. The OAuth server validates the request, checks that the verification code matches the temporary credentials, and returns an access token to the OAuth client. The OAuth client uses the access token to access the protected resource on behalf of the resource owner.
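The following script is an added worked example, not code from Tivoli Federated Identity Manager or its documentation. It simulates both sides of the eight steps above in one process: the client signs each request with HMAC-SHA1 as RFC 5849 section 3.4 describes, and a minimal in-memory OAuth server issues temporary credentials, records the resource owner's approval as a verification code, exchanges the temporary credentials plus verifier for an access token, and finally serves a protected resource. The client key, client secret, server URL, callback URI and the resource owner "alice" are constructed placeholders. Beyond the eight steps, it shows two checks a practitioner expects from the server side: a correctly signed request that is replayed (same nonce and timestamp) is rejected, and a token request whose verification code does not match the temporary credentials is rejected even though its signature is valid.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, quote, urlsplit

CLIENT_KEY, CLIENT_SECRET = "demo-client", "demo-client-secret"   # constructed values, not TFIM config
SERVER = "https://oauth.example.test"                               # constructed OAuth server base URL
CALLBACK = "https://client.example.test/cb"                         # constructed client callback URI

def pct(s):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay bare."""
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """RFC 5849 section 3.4.1 signature base string: METHOD&url&normalized-parameters."""
    norm = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params.items()))
    return "&".join([method.upper(), pct(url), pct(norm)])

def hmac_sha1(base, consumer_secret, token_secret=""):
    """RFC 5849 section 3.4.2: key = encoded client secret '&' encoded token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def sign(method, url, params, token_secret=""):
    """Client side: add the oauth_* protocol parameters and sign the whole request."""
    p = dict(params, oauth_consumer_key=CLIENT_KEY, oauth_signature_method="HMAC-SHA1",
             oauth_timestamp=str(int(time.time())), oauth_nonce=secrets.token_hex(8),
             oauth_version="1.0")
    p["oauth_signature"] = hmac_sha1(base_string(method, url, p), CLIENT_SECRET, token_secret)
    return p

class OAuthServer:
    def __init__(self):
        self.clients = {CLIENT_KEY: CLIENT_SECRET}
        self.temp, self.tokens, self.nonces = {}, {}, set()

    def _verify(self, method, url, p, token_secret=""):
        secret = self.clients.get(p.get("oauth_consumer_key"))
        nonce = (p.get("oauth_consumer_key"), p.get("oauth_timestamp"), p.get("oauth_nonce"))
        if secret is None or nonce in self.nonces:      # unknown client or replayed request
            return False
        unsigned = {k: v for k, v in p.items() if k != "oauth_signature"}
        expected = hmac_sha1(base_string(method, url, unsigned), secret, token_secret)
        if not hmac.compare_digest(expected, p.get("oauth_signature", "")):
            return False
        self.nonces.add(nonce)                            # remember only requests that verified
        return True

    def initiate(self, p):
        """Steps 1-2: validate the signed request and issue temporary credentials."""
        if "oauth_callback" not in p or not self._verify("POST", SERVER + "/initiate", p):
            return None
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.temp[tok] = {"secret": sec, "callback": p["oauth_callback"], "owner": None, "verifier": None}
        return {"oauth_token": tok, "oauth_token_secret": sec, "oauth_callback_confirmed": "true"}

    def authorize(self, temp_token, owner):
        """Steps 3-6: the resource owner logs in and approves; return the callback redirect."""
        t = self.temp.get(temp_token)
        if t is None or t["verifier"] is not None:
            return None
        t["owner"], t["verifier"] = owner, secrets.token_hex(8)
        return f"{t['callback']}?oauth_token={pct(temp_token)}&oauth_verifier={pct(t['verifier'])}"

    def token(self, p):
        """Steps 7-8: exchange temporary credentials plus verifier for an access token."""
        t = self.temp.get(p.get("oauth_token"))
        if t is None or not self._verify("POST", SERVER + "/token", p, t["secret"]):
            return None
        if t["verifier"] is None or not hmac.compare_digest(t["verifier"], p.get("oauth_verifier", "")):
            return None
        del self.temp[p["oauth_token"]]                   # temporary credentials are single-use
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[tok] = {"secret": sec, "owner": t["owner"]}
        return {"oauth_token": tok, "oauth_token_secret": sec}

    def resource(self, p):
        """Protected resource: accept only requests signed with a valid access token."""
        t = self.tokens.get(p.get("oauth_token"))
        if t is None or not self._verify("GET", SERVER + "/photos", p, t["secret"]):
            return None
        return {"owner": t["owner"], "photos": ["vacation.jpg"]}

def run_flow(tamper_verifier=False):
    """Drive the whole three-legged flow; returns the protected resource or None."""
    server = OAuthServer()
    temp = server.initiate(sign("POST", SERVER + "/initiate", {"oauth_callback": CALLBACK}))
    redirect = server.authorize(temp["oauth_token"], "alice")       # constructed owner approves
    verifier = parse_qs(urlsplit(redirect).query)["oauth_verifier"][0]
    if tamper_verifier:                                             # client never saw the real verifier
        verifier = "0" * len(verifier)
    access = server.token(sign("POST", SERVER + "/token",
                               {"oauth_token": temp["oauth_token"], "oauth_verifier": verifier},
                               temp["oauth_token_secret"]))
    return server.resource(sign("GET", SERVER + "/photos", {"oauth_token": access["oauth_token"]},
                                access["oauth_token_secret"])) if access else None

def replay_is_rejected():
    """A captured, correctly signed request must not be accepted a second time."""
    server = OAuthServer()
    req = sign("POST", SERVER + "/initiate", {"oauth_callback": CALLBACK})
    return server.initiate(req) is not None and server.initiate(req) is None
```

`run_flow()` returns the resource owner's photos; `run_flow(tamper_verifier=True)` returns None because the verification code is bound to the temporary credentials on the server, which is what stops an attacker from completing a flow the victim started. The nonce set is keyed by client key, timestamp and nonce as RFC 5849 section 3.3 requires; a production server also bounds the timestamp so that the set does not grow without limit.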

