OAuth 2.0 SAML bearer assertion grant flow

Here we'll explore how SAML 2.0 bearer assertions can be used as authorization grants.

Regarding bearer assertions: a bearer is an entity (for example, a client application) that possesses an assertion and does not have to demonstrate proof of possession of it with a cryptographic key. Because of this, when the client application supplies the assertion in a request to the server, secure communication (TLS) is required so that the assertion is not compromised in transit.

The key characteristic of this grant type is that the client application exchanges the SAML assertion for an access token.
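As an added example (not code from the book), the following Python builds the token request a client would send to perform that exchange, using the grant type URN and `assertion` parameter defined for SAML 2.0 bearer assertions, and refuses to send the assertion anywhere but an https endpoint because a bearer assertion has no proof of possession. The token endpoint URL and the minimal assertion XML are constructed placeholders, not a real signed assertion.

```python
import base64
from typing import Optional
from urllib.parse import urlencode, urlparse

# Grant type URN registered for SAML 2.0 bearer assertions (RFC 7522).
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed, minimal stand-in for a real signed SAML 2.0 assertion.
SAMPLE_ASSERTION_XML = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml:Issuer>https://idp.example.com</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
    "</saml:Assertion>"
)


def encode_assertion(assertion_xml: str) -> str:
    """Base64url-encode the assertion without padding, as the grant requires."""
    raw = assertion_xml.encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_assertion(encoded: str) -> str:
    """Inverse of encode_assertion; restores the padding that was stripped."""
    padded = encoded + "=" * (-len(encoded) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def build_token_request(token_endpoint: str, assertion_xml: str,
                        scope: Optional[str] = None) -> dict:
    """Describe the POST a client sends to swap a bearer assertion for a token.

    A bearer assertion carries no proof of possession, so anyone who reads it
    off the wire can replay it; refuse anything other than an https endpoint.
    """
    if urlparse(token_endpoint).scheme != "https":
        raise ValueError("bearer assertions must only be sent over TLS (https)")
    form = {
        "grant_type": SAML2_BEARER_GRANT,
        "assertion": encode_assertion(assertion_xml),
    }
    if scope:
        form["scope"] = scope
    return {
        "method": "POST",
        "url": token_endpoint,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(form),
    }
```

The returned dictionary can be handed to any HTTP client; the authorization server then validates the assertion's signature, issuer, audience and validity window before issuing the access token.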

The flow consists of the following steps:

  1. The grant flow is initiated (on ...
