Why is OAuth different from Basic when credentials are needed?

Manikantahere
Tera Contributor

Even to get a refresh token / access token we depend on credentials, so how come it's more secure?

 

I heard OAuth is more about authorization than authentication and restricts the user if they are not authorised to do it? But once the refresh token is generated, the access token is automatically obtained and then the resource action automatically takes place? Where does it check restrictions if the user is not authorised?

 

Basic authentication will also check authentication first and can also enforce ACL rules to check authorization, so what makes OAuth different to use than Basic?

 

1 REPLY

Anand Kumar P
Giga Patron

Hi @Manikantahere ,

 

1. OAuth is more secure than Basic Authentication because credentials are only used during the initial token exchange, while tokens (short-lived and revocable) are used for subsequent access.

2. OAuth enforces restrictions by validating token scopes, roles, and ACLs on the resource server for every request.

3. Unlike Basic Authentication, OAuth allows dynamic token revocation, ensuring unauthorized users lose access immediately.

4. Basic Authentication transmits static credentials with every request, exposing them to greater risk, while OAuth minimizes this by using tokens.

5. OAuth is preferred in ServiceNow for external integrations due to its enhanced security, fine-grained control, and compliance with modern standards.

 

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/security/concept/c_O...

 

Mark it as helpful and solution proposed if it serves your purpose.
Thanks,
Anand
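
The per-request check described in points 2 to 4 of the reply, sketched as an added example that is not part of the thread and is not ServiceNow code. The in-memory token store, the token values, the scope names (`incident.read`, `incident.write`) and the fixed clock are all assumptions constructed for illustration.

```javascript
// Added illustration, not ServiceNow code. Tokens, scopes and the clock are constructed.
const NOW = 1700000000; // fixed time in seconds so the run is deterministic

// Basic: the header is base64("user:password"), so the password rides on every request.
function basicHeader(user, password) {
  return 'Basic ' + Buffer.from(`${user}:${password}`).toString('base64');
}
function decodeBasic(header) {
  const raw = Buffer.from(header.slice('Basic '.length), 'base64').toString('utf8');
  const i = raw.indexOf(':');
  return { user: raw.slice(0, i), password: raw.slice(i + 1) };
}

// OAuth: the resource server holds token state (hypothetical in-memory store), no password.
function makeResourceServer(now) {
  const tokens = new Map([
    ['tok-read', { user: 'integration', scopes: ['incident.read'], exp: now + 1800, revoked: false }],
    ['tok-old', { user: 'integration', scopes: ['incident.read'], exp: now - 60, revoked: false }],
  ]);
  return {
    // Runs on every request: known token, not revoked, not expired, scope granted.
    check(header, requiredScope) {
      if (!header || !header.startsWith('Bearer ')) return { status: 401, reason: 'no bearer token' };
      const t = tokens.get(header.slice('Bearer '.length));
      if (!t) return { status: 401, reason: 'unknown token' };
      if (t.revoked) return { status: 401, reason: 'revoked' };
      if (now >= t.exp) return { status: 401, reason: 'expired' };
      if (!t.scopes.includes(requiredScope)) return { status: 403, reason: 'scope not granted' };
      return { status: 200, reason: 'ok', user: t.user };
    },
    revoke(token) {
      const t = tokens.get(token);
      if (t) t.revoked = true;
    },
  };
}

function demo() {
  const server = makeResourceServer(NOW);
  const results = [decodeBasic(basicHeader('integration', 'S3cret!')).password];
  results.push(server.check('Bearer tok-read', 'incident.read').reason);
  results.push(server.check('Bearer tok-read', 'incident.write').reason);
  results.push(server.check('Bearer tok-old', 'incident.read').reason);
  server.revoke('tok-read');
  results.push(server.check('Bearer tok-read', 'incident.read').reason);
  return results;
}
console.log(demo());
```

The same token passes for a granted scope, is refused for a scope it was never issued, and stops working once revoked or expired, all without the password being present in any of those requests.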