What is meant by two-legged authentication? Where and how is it used in programming?

+5  A: 

Good point, this is the post that I put my presentation from here.

Two-legged authentication means that there are only two parties involved in the authentication process. The first step is to make a "Create a User’s OAuth Token" request by signing the request as described in the OAuth Consumer Request Specification. Please note that the OAuth Consumer Key provided in this request MUST be associated with an account that the User is a member of.

The main advantage of 2 legged authentication is that the user experience is seamless since no additional User interactions are required to initiate an API session. The disadvantage of this method is that the Consumer must have access to a valid set of OAuth Consumer credentials (key and secret) for the User’s Account. A User should NEVER reveal their Account Consumer Key/Secret to a 3rd party, making this type of authentication only appropriate when the Account holder and Consumer are of the same entity.

Also read here to learn about OAuth.

berkay
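
The signing step described in the answer above, as an added example that is not part of the original post. It assumes OAuth 1.0 HMAC-SHA1 signing (RFC 5849) with an empty token secret; the function names, URL, and key/secret values are constructed for illustration, and default-port normalization is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    parts = urlsplit(url)
    # Query parameters are signed together with the oauth_* parameters
    merged = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    pairs = sorted((pct(k), pct(v)) for k, v in merged if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, url, params, consumer_secret):
    # Two-legged: there is no token secret, so the HMAC key is "<consumer_secret>&"
    key = (pct(consumer_secret) + "&").encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_params(consumer_key, consumer_secret, method, url, nonce, timestamp):
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign(method, url, params, consumer_secret)
    return params

def verify(method, url, params, secrets_by_key, seen, now, max_skew=300):
    # Provider side: look up the secret, bound the timestamp, reject replays
    secret = secrets_by_key.get(params.get("oauth_consumer_key"))
    replay_id = (params.get("oauth_consumer_key"), params.get("oauth_nonce"))
    if secret is None or replay_id in seen:
        return False
    if abs(now - int(params.get("oauth_timestamp", 0))) > max_skew:
        return False
    expected = sign(method, url, params, secret).encode()
    if not hmac.compare_digest(expected, params.get("oauth_signature", "").encode()):
        return False
    seen.add(replay_id)
    return True
```

The consumer secret is the only secret in the exchange, so anyone holding it can produce requests that `verify` accepts for that account.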
+3  A: 

2-legged seems to be used in the OAuth context.

It means there are two parties involved in the OAuth

See here for more: http://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi and this earlier one on SO http://stackoverflow.com/questions/884928/2-legged-oauth-looking-for-information

JoseK