I read about OAuth and found that it roughly follows the following
- client sends request token during redirect to server
- Server displays authorization screen to resource owner
- Resource owner provides uid and pw (not passed to client)
- Server sends access token back to client
- clients then users the Access token to gain access to a
resource
Based on my re-identification, it is not clear that OAuth does not include SSO or federation, but on some Blogs it is assumed that it performs SSO
Right or wrong. Can it perform SSO without the help of other protocols?
thank
source
share