I am designing a RESTful API which will always communicate over HTTPS. Is there any reason to use a scheme like OAuth when running over HTTPS? I am particularly interested in whether or not aspects like HMAC-signed requests, nonces, and timestamps are useful when the entire communication is encrypted.
It seems like any authentication scheme over HTTPS is sufficient, but I just wanted to get a second opinion.
Well, that's the whole theory behind OAuth 2. Instead of the complicated signature mechanisms of OAuth 1, you just rely on transport-layer security and focus on the authorization piece of the puzzle. The HTTPS protocol does not solve the authorization piece, so you still need OAuth 2 for that.
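An added example, not part of the original answer, of the authorization check an API still performs on a bearer token after the request has arrived over HTTPS. The token values, scope names and route table are constructed for illustration.

```python
import hmac
import time

# Constructed token store: in practice an OAuth 2 authorization server issues
# these and the API validates them by introspection or signature check.
TOKENS = {
    "tok-read-only": {"sub": "alice", "scope": {"orders:read"}, "exp": 2_000_000_000},
    "tok-read-write": {"sub": "bob", "scope": {"orders:read", "orders:write"}, "exp": 2_000_000_000},
    "tok-expired": {"sub": "carol", "scope": {"orders:read"}, "exp": 1_000_000_000},
}

# Hypothetical route policy: the scope required for each (method, path).
REQUIRED_SCOPE = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
}

def lookup_token(presented):
    """Find the token record, using a constant-time comparison per entry."""
    for known, record in TOKENS.items():
        if hmac.compare_digest(known.encode(), presented.encode()):
            return record
    return None

def authorize(headers, method, path, now=None):
    """Return (http_status, detail) for a request already received over TLS."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, "missing bearer token"
    record = lookup_token(token.strip())
    if record is None:
        return 401, "unknown token"
    if record["exp"] <= now:
        return 401, "token expired"
    needed = REQUIRED_SCOPE.get((method.upper(), path))
    if needed is None:
        return 403, "no route policy, deny by default"
    if needed not in record["scope"]:
        return 403, f"scope {needed} not granted"
    return 200, record["sub"]
```

A valid token that lacks the required scope gets 403 rather than 401: the caller is identified, but not authorized for that operation.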