What is the difference between claims-based authentication and what is provided by OAuth?
I am looking for the conceptual difference and not the technical difference. When do I choose Claims over OAuth and vice versa?
Claims-based authentication is proposed by Microsoft and built on top of WS-Security. But OAuth is more an open source protocol that is being proposed to allow fetching resources from different portals based on a security token.
Claims also has this concept of a token (SAML encoded or X509 certificates).
I am trying to understand when I should choose Claims over OAuth and vice versa.
Thanks
Claims are name/value pairs that contain information about a user. So an example of a good scope would be "read_only", whilst an example of a claim would be "email": "[email protected]".
Claims-based authentication is a mechanism which defines how applications acquire identity information about users. When a user tries to access a restricted section of Kentico, for example the administration interface, the system redirects the user to a logon page of an Identity provider.
Two parties are involved in an access token request: the client, who requests the token, and the resource (Web API) that accepts the token. The aud claim in a token indicates the resource that the token is intended for (its audience). Clients use the token but shouldn't understand or attempt to parse it.
Unlike Basic Auth, where you have to share your password with people who need to access your user account, OAuth doesn't share password data. Instead, OAuth uses authorization tokens to verify an identity between consumers and service providers.
Claims-based identity is a way of decoupling your application code from the specifics of identity protocols (such as SAML, Kerberos, WS-Security, etc.). It is not only for web applications and is implemented as a .NET library / framework called WIF.
OAuth is a specific protocol by which one web site can obtain user consent to access their private data on another web site.
It is not really the case that you would choose one or the other; in fact, they are complementary. Potentially you could use both at once, if you were building a .NET web app that performed OAuth via the WIF.
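To make the scope/claim/audience distinction above concrete, here is an added example (not part of the original posts) of what a resource API does with a token: it verifies the signature, `aud`, expiry and the granted scope, and only then hands identity claims to application code. The HS256 JWT format, the key, the audience URL and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"                     # constructed secret, demo only
API_AUDIENCE = "https://api.example.test/orders"  # hypothetical resource identifier

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = KEY) -> str:
    """Issuer side: sign the claims as a compact HS256 JWT."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def authorize(token: str, required_scope: str, key: bytes = KEY) -> dict:
    """Resource side: check signature, audience, expiry and scope, then
    return the identity claims. The algorithm is fixed to HS256 here and
    is never taken from the token header."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise PermissionError("bad signature")
        claims = json.loads(b64d(body))   # parsed only after the MAC verifies
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    if not isinstance(claims, dict):
        raise PermissionError("malformed token")
    # aud: was this token issued for *this* API, or for some other resource?
    aud = claims.get("aud")
    if API_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("token was issued for another resource")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        raise PermissionError("token expired")
    # scope: what the client was allowed to do (the OAuth authorization part)
    if required_scope not in str(claims.get("scope", "")).split():
        raise PermissionError("scope not granted")
    # claims: who the user is (what claims-based application code consumes)
    return {k: claims[k] for k in ("sub", "email") if k in claims}
```
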