diff options
author | Stéphane Raimbault <stephane.raimbault@gmail.com> | 2013-05-06 13:52:22 +0200 |
---|---|---|
committer | Stéphane Raimbault <stephane.raimbault@gmail.com> | 2013-05-06 13:52:22 +0200 |
commit | 869356eb396409799ae34ff6243023aafc0150b3 (patch) | |
tree | b29ea53fdaf052c569d93cbc7b8e706757a22aeb /docs | |
parent | 005e0485cee33c167eb6a03c72b0aa0603b1cd0a (diff) | |
download | oauthlib-869356eb396409799ae34ff6243023aafc0150b3.tar.gz |
Fix Sphinx warnings in oauth_1_versus_oauth_2 documentation
Diffstat (limited to 'docs')
-rw-r--r-- | docs/oauth_1_versus_oauth_2.rst | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/oauth_1_versus_oauth_2.rst b/docs/oauth_1_versus_oauth_2.rst index 05f2bfd..5553227 100644 --- a/docs/oauth_1_versus_oauth_2.rst +++ b/docs/oauth_1_versus_oauth_2.rst @@ -20,21 +20,24 @@ taken to restrict non authenticated clients access to resources appropriately. able to use SSL/TLS and you are willing to risk unknowingly granting access to your users resources to a malicious third party which has stolen tokens (but not authentication secrets) from one of your clients. + **(Provider)** Offer :doc:`authcode`. Impact can be limited by not - providing refresh tokens. + providing refresh tokens. Default in :doc:`WebApplicationServer <preconfigured_servers>`. **(Client)** Use :doc:`Web Application Client <webapplicationclient>`. * Similar to above, but you are unwilling to risk malicious access based on stolen tokens alone. + **(Provider)** Offer :doc:`OAuth 1 <server>`. **(Client)** Use :doc:`OAuth 1 Client <client>`. * Your clients reside in user controlled devices with the ability to authorize through a web based workflow. This workflow is inherently insecure, restrict - the privileges associated with tokens accordingly. + the privileges associated with tokens accordingly. + **(Provider)** Offer :doc:`implicit`. Default in :doc:`MobileApplicationServer <preconfigured_servers>`. @@ -43,6 +46,7 @@ taken to restrict non authenticated clients access to resources appropriately. * Similar to above but without the ability to use web authorization. These clients must have a strong trust relationship with the users although they offer no additional security. + **(Provider)** Offer non authenticated :doc:`password`. Default in :doc:`LegacyApplicationServer <preconfigured_servers>`. @@ -52,6 +56,7 @@ taken to restrict non authenticated clients access to resources appropriately. API to using OAuth tokens but for various reasons don't wish to use the web based authorization workflow. The clients reside in secure environments and have a strong trust relationship with their users. + **(Provider)** Offer authenticated :doc:`password`. Default in :doc:`LegacyApplicationServer <preconfigured_servers>`. @@ -59,6 +64,7 @@ taken to restrict non authenticated clients access to resources appropriately. * You wish to run an internal, highly trusted, job acting on protected resources but not interacting with users. + **(Provider)** Offer :doc:`credentials`. Default in :doc:`BackendApplicationServer <preconfigured_servers>`. |