Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What do you mean? What is an example of it not being used alone?


I mean it is usually paired with an id token, an identifier like an email address is provided, or the access token has a sub claim that is tied back to the user.

So it is not pure authorization, but both authentication and authorization.

Pure authorization would be like a car key, with no identity mixed in.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: