OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski

OAuth 2.0 SAML bearer assertion grant flow

Here we'll explore how SAML 2.0 bearer assertions can be used as authorization grants.

Regarding bearer assertions: a bearer is an entity (for example, a client application) in possession of an assertion, where the entity doesn't have to demonstrate proof of possession of the given assertion with some cryptographic key. Because of this, when the client application is supplying the assertion in the request to the server, the use of secure communication (TLS) is required so that the assertion is not compromised.

The key characteristic of this grant type is that the client application exchanges the SAML assertion for an access token.

The flow consists of the following steps:

  1. The grant flow is initiated (on ...
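The exchange described above, written out as an added example that is not from the book: the client side base64url-encodes the assertion into a `grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer` token request and refuses a non-TLS endpoint (the requirement noted earlier), and the authorization-server side applies the checks that gate issuing the access token. The sample assertion, hostnames and timestamps are constructed; XML signature verification against the issuer's key is assumed to be done before these checks and is not shown.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TS = "%Y-%m-%dT%H:%M:%SZ"  # SAML dateTime format used below (UTC)

# Constructed sample assertion (not from the book); a real one is signed by the IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
  <saml:Conditions NotOnOrAfter="2024-01-01T00:05:00Z"><saml:AudienceRestriction>
    <saml:Audience>https://as.example.com/token</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def build_token_request(token_endpoint, assertion_xml):
    """Client side: form-encode the SAML assertion as an OAuth 2.0 grant."""
    # A bearer assertion carries no proof of possession, so anyone who reads it
    # can replay it: refuse to send one to a plaintext token endpoint.
    if urllib.parse.urlsplit(token_endpoint).scheme != "https":
        raise ValueError("bearer assertion must only be sent over TLS")
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=")
    return urllib.parse.urlencode(
        {"grant_type": SAML2_BEARER, "assertion": encoded.decode()})

def check_bearer_assertion(form_body, expected_audience, now):
    """Server side: checks before the assertion is exchanged for a token.
    Returns (ok, detail); issuer signature verification is assumed done earlier."""
    params = dict(urllib.parse.parse_qsl(form_body))
    if params.get("grant_type") != SAML2_BEARER:
        return False, "unexpected grant_type"
    raw = params.get("assertion", "")
    raw += "=" * (-len(raw) % 4)  # restore base64url padding
    root = ET.fromstring(base64.urlsafe_b64decode(raw))
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != BEARER_METHOD:
        return False, "subject confirmation is not bearer"
    cond = root.find("saml:Conditions", NS)
    # NotOnOrAfter is exclusive: an assertion is invalid at that instant.
    if datetime.strptime(now, TS) >= datetime.strptime(cond.get("NotOnOrAfter"), TS):
        return False, "assertion expired"
    aud = cond.find("saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or aud.text != expected_audience:
        return False, "audience mismatch"
    return True, root.find("saml:Subject/saml:NameID", NS).text
```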
