Everywhere on the internet I see people saying that I should use OAuth instead of Basic HTTP Authentication, meaning sending Base64-encoded username:password as part of the Authorization header. I do this because I don't want to be redirected to my authentication server for some applications. I understand that OAuth is preferred because you don't have to deal with credentials on your application, but are there any benefits for using OAuth?
1 Answer
A username/password is a credential that typically does not expire, or if it expires there's no defined way to get a new one.
The benefit of OAuth to the client is that it does not need to store a primary credential that doesn't expire and that there's a defined way (or rather multiple defined ways) to obtain an updated credential.
Moreover, the Resource Server never sees any long-lived credential at all or any other secret that should have been kept between the Client and the Authorization Server.

Hans Z.
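The difference the answer describes, as an added example that is not part of the original answer: a client that holds only tokens, renews them through the refresh grant, and a resource server that never receives the password, next to the header Basic authentication sends. `AuthServer`, `ResourceServer`, `Client`, `login` and the sample account are hypothetical in-memory stand-ins, and `login` stands for the user authenticating at the authorization server.

```python
import base64, secrets

# Constructed in-memory model; all class and method names are assumptions.
class AuthServer:
    def __init__(self, users, ttl=300):
        self.users, self.ttl = users, ttl
        self.access, self.refresh = {}, {}
    def _issue(self, user, now):
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = (user, now + self.ttl)   # short-lived access token
        self.refresh[rt] = user
        return {"access_token": at, "refresh_token": rt, "expires_in": self.ttl}
    def login(self, user, password, now):
        # The password is presented here, at the authorization server only.
        if not secrets.compare_digest(self.users.get(user, ""), password):
            raise PermissionError("invalid_grant")
        return self._issue(user, now)
    def refresh_grant(self, rt, now):
        user = self.refresh.pop(rt, None)          # rotate: each refresh token works once
        if user is None:
            raise PermissionError("invalid_grant")
        return self._issue(user, now)
    def introspect(self, at, now):
        user, exp = self.access.get(at, (None, 0))
        return user if now < exp else None

class ResourceServer:
    def __init__(self, auth):
        self.auth, self.seen = auth, []            # seen: every credential value received
    def get(self, authorization, now):
        scheme, _, value = authorization.partition(" ")
        self.seen.append(value)
        ok = scheme == "Bearer" and self.auth.introspect(value, now) is not None
        return 200 if ok else 401

class Client:
    def __init__(self, auth, rs, grant, now):
        self.auth, self.rs = auth, rs
        self._store(grant, now)                    # the client keeps tokens, never the password
    def _store(self, g, now):
        self.at, self.rt, self.exp = g["access_token"], g["refresh_token"], now + g["expires_in"]
    def call(self, now):
        if now >= self.exp:                        # defined way to obtain an updated credential
            self._store(self.auth.refresh_grant(self.rt, now), now)
        return self.rs.get("Bearer " + self.at, now)

def basic_header(user, password):
    # Basic auth: the primary credential, reversibly encoded, on every request.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
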