
Difference between Claims vs OAuth


What is the difference between claims-based authentication and what is provided by OAuth?

I am looking for the conceptual difference and not the technical difference. When do I choose Claims over OAuth and vice versa?

Claims-based authentication is proposed by Microsoft and built on top of WS-Security. But OAuth is more an open source protocol that is being proposed to allow fetching resources from different portals based on a security token.

Claims also has this concept of token (SAML encoded or X509 certificates).

I am trying to understand when do I choose Claims over OAuth and vice versa.

Thanks

Venki asked May 17 '10 08:05




1 Answer

Claims-based identity is a way of decoupling your application code from the specifics of identity protocols (such as SAML, Kerberos, WS-Security, etc.). It is not only for web applications and is implemented as a .NET library / framework called WIF.

OAuth is a specific protocol by which one web site can obtain user consent to access their private data on another web site.

It is not really the case that you would choose one or the other; in fact, they are complementary. Potentially you could use both at once, if you were building a .NET web app that performed OAuth via the WIF.

Andrew Strong answered Oct 23 '22 02:10
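The decoupling described in the answer above, as an added example that is not part of the original answer and is written in Python rather than WIF: two protocol adapters turn a SAML assertion and a JWT into the same claim set, the application decision reads only claims, and the OAuth-style scope check answers the separate question of what a client was allowed to do. All names, the sample tokens and the `scope` claim in the JWT are constructed assumptions, and signature and issuer validation are assumed to have been done by the protocol layer before the adapters run.

```python
import base64, json
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample inputs (hypothetical user and values). Signature and
# issuer validation are assumed to have happened before these are parsed.
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>approver</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

JWT_TOKEN = ".".join([b64url({"alg": "RS256"}),
                      b64url({"email": "alice@example.com", "role": ["approver"],
                              "scope": "calendar.read"}),
                      "constructed-signature"])

def claims_from_saml(xml_text):
    """Protocol adapter: SAML attributes -> set of (type, value) claims."""
    root = ET.fromstring(xml_text)
    return {(a.get("Name"), v.text)
            for a in root.iterfind(".//saml:Attribute", NS)
            for v in a.iterfind("saml:AttributeValue", NS)}

def claims_from_jwt(token):
    """Protocol adapter: JWT payload -> the same claim shape."""
    payload = token.split(".")[1]
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    claims = set()
    for name, value in data.items():
        for v in (value if isinstance(value, list) else [value]):
            claims.add((name, str(v)))
    return claims

def can_approve(claims):
    """Application code: sees only claims, never the protocol that carried them."""
    return ("role", "approver") in claims

def client_may(token_claims, needed_scope):
    """OAuth side: what the user consented to let the client do."""
    granted = {v for t, v in token_claims if t == "scope"}
    return any(needed_scope in g.split() for g in granted)
```

`can_approve` gives the same answer whichever adapter produced the claims, while `client_may` depends only on the delegated scope, which is why the two ideas complement rather than replace each other.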