The protocol described in the present document is intended for devices with limited input capabilities, such as hybridradios, IP-connected set top boxes and Smart TVs, that can communicate with web services over HTTPS.
The protocol specifies two APIs:
- the API between a client device and an authorization provider by which a client obtains a bearer token;
- the API between a service provider and an authorization provider by which a service provider verifies anaccess token.
The present document gives an overview of the protocol (clause 4), covering the core concepts (clause 5) and roles(clause 6) used in CPA and how the device flow works (clause 7).
The CPA APIs are specified in the present document in clauses 8, Client/Authorization Provider API and clause 9,Service Provider/Authorization Provider API.
An informative annex A describes how service providers can tell clients that the option to authenticate using the CPAprotocol is available, and how the bearer token obtained via CPA should be used to access protected resources.Although this clause is not normative, it is strongly recommended these conventions are followed where possible tomaximize interoperability.
- Edition:
- 1.1.1
- Published:
- 04/01/2016
- Number of Pages:
- 37
- File Size:
- 1 file , 850 KB
- Note:
- This product is unavailable in Russia, Ukraine, Belarus
Reviews
There are no reviews yet.