OAuth 2.0 is an industry-standard protocol for authorization. It provides a wide range of authorization flows to support various use cases for web applications, desktop applications, mobile phones, and IoT devices.

It is important to stress that OAuth is solely responsible for coarse-grained authorization, that is, whether the application/device is authorized to make the request. However, the service still needs to decide whether the specific request that has been made is actually allowed, based on multiple factors such as time, region, delegation rules, etc. This is where fine-grained authorization models (PDP, PAP, PIP, PEP) come in. Visit my blog post for more details on fine-grained authorization.
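The split described above, as an added example that is not from the original article: a service-side gate (PEP) first applies the coarse OAuth scope check, then asks a decision function (PDP) about the specific request using time, region and delegation attributes. All class names, policy values and sample data are hypothetical and constructed for illustration, and the token is assumed to have been validated already.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Token:                 # claims of an already-validated OAuth 2.0 access token
    client_id: str
    subject: str
    scopes: frozenset

@dataclass(frozen=True)
class Request:
    action: str              # operation requested, e.g. "payments:write"
    owner: str               # owner of the resource being touched
    region: str
    at: time

# PAP role: where policy is authored and stored (constructed sample policy).
POLICY = {"payments:write": {"regions": {"EU"}, "hours": (time(8), time(18))}}
# PIP role: attribute source the PDP consults; here, alice may act for bob.
DELEGATIONS = {("alice", "bob")}

def coarse_check(token, req):
    """OAuth layer: is this application authorized for this kind of call at all?"""
    return req.action in token.scopes

def pdp_decide(token, req):
    """PDP role: evaluate this specific request against policy and attributes."""
    rule = POLICY.get(req.action)
    if rule is None:
        return False, "no policy (default deny)"
    if req.region not in rule["regions"]:
        return False, "region not allowed"
    start, end = rule["hours"]
    if not (start <= req.at < end):
        return False, "outside permitted hours"
    if token.subject != req.owner and (token.subject, req.owner) not in DELEGATIONS:
        return False, "no delegation"
    return True, "permit"

def pep_enforce(token, req):
    """PEP role: the gate in the service that runs both checks in order."""
    if not coarse_check(token, req):
        return False, "scope missing"
    return pdp_decide(token, req)
```

A token carrying the right scope is still denied when the request falls outside the policy's region, hours or delegation rules, which is the gap the fine-grained layer covers.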
