+1 vote
in APIGEE - API Services by

Does OAuth 2.zero have main performance improvements over OAuth 1.0 and does it do a higher activity at protection?

1 Answer

0 votes
by

The distinction is not a lot approximately the performance, but in how flexible the framework is. OAuth 2.0 is a standard, extensible manner to create authorization mechanisms, while OAuth 1.zero most effective really supported one factor.

OAuth 1.0 addressed a much smaller subset of these troubles, and simplest supported one token kind (secret keys encrypted the use of an HMAC) and simplest one way to get tokens (internet browser redirect).

OAuth 2.0 normally uses bearer tokens (random values which can be handed through TLS/SSL as an HTTP header), however those may be received in many approaches, together with an internet browser redirect and a username/password check. The spec committee is operating on additional approaches of having tokens, which includes through signed JSON web tokens (JWT).

Related questions

0 votes
asked Mar 18, 2021 in Threat Modeling by sharadyadav1986
+3 votes
asked Jan 21, 2021 in C Plus Plus by SakshiSharma
...