I am trying to understand OAuth2 and OIDC. The OIDC glossary is a good starting point, and while it defines "Authentication", it does not actually define "Authorization". I suspect it leaves it to the OAuth2 specification to define the term. I cannot, however, find any definition in the RFC. Where is the official definition of "Authorization" according to OAuth2?
-1
Why do you need a definition from a specific source? Is it not a general term? – schroeder Mar 25 '22 at 09:13
1 Answer
0
I suppose the "Internet Security Glossary" RFC 4949, indeed referenced by https://openid.net/specs/openid-connect-core-1_0.html#rfc.references2, is what I was looking for:
https://www.rfc-editor.org/rfc/rfc4949.txt
An approval that is granted to a system entity to access a system resource.