A protocol for authorization that allows third-party services to exchange data on behalf of a user or non-human identity without sharing credentials.
Description
OAuth2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. In the context of Non-Human Identities (NHIs), OAuth2.0 facilitates secure access for automated processes and services without requiring the direct use of user credentials. NHIs may represent services, applications, or devices that need to authenticate and interact with APIs or other services on behalf of users. For instance, a cloud service might require access to a user's data stored in another service to perform its functions, such as data analysis or automated backups. OAuth2.0 provides a way to delegate this access using tokens that represent the permissions granted by the user to the NHI, ensuring that sensitive credentials remain secure. This approach is widely adopted in modern application development, especially in microservices architectures and API-driven environments, where NHIs play a crucial role in automating workflows and enhancing interoperability between different systems.
Examples
- A cloud service using OAuth2.0 to access user data from a social media platform for analytics.
- An IoT device authenticating with a cloud service to send data without storing user credentials.
Additional Information
- OAuth2.0 supports multiple grant types, including authorization code, client credentials, and implicit grants.
- Tokens issued by OAuth2.0 can have scopes that limit the level of access granted to the NHI.
References
- What Are Non-Human Identities? - ConductorOne
- Non-Human Identity in the AI Age: A Technical Deep Dive
- The State of Non-Human Identity Security | CSA
- Non-Human Identity and Access Management - Workload IAM
- Challenges of non-human Identities in Salesforce - Entro Security
- Security Operations for Non-Human Identities - The Hacker News