akshayarora2009
left a comment
This is a really nice PR - short, crisp and I think all important topics are covered. I hope you understand all the terms that you have mentioned - Idempotence, Base64 encoding, OAuth protocol, etc.
Good work.
Just one thing - please use a different name for this file and use a parent folder for it. I mean, create a folder named "sunpriya", and then create a file in it named "http_verbs.md" (example). This file should have a ".md" extension (all text should be written in markdown).
I'll merge this PR when you update this one with the changes.
| • </user> | ||
| • The changes described in the PATCH document must be semantically well defined but can have a different media type than the resource being patched. | ||
| • Either all changes specified by patch keyword are applied or none are applied | ||
| • Patch is not idempotent |
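Review bot: The last bullet, "Patch is not idempotent", is stated too absolutely. RFC 5789 defines PATCH as neither safe nor idempotent, but it also notes that a PATCH request can be issued in a way that is idempotent, for example as a conditional request with an ETag and If-Match. Suggest rewording to "PATCH is not guaranteed to be idempotent" and adding a sentence on why this matters for clients that retry a request. Also check that the XML sample ending in "</user>" at the top of this hunk sits inside a fenced code block, so the markdown renders it as written.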
Idempotence is a very good topic to bring up! 😄
| • OAUTH 1.0a is the most secure protocol. The protocol uses a cryptographic signature, (usually HMAC-SHA1) value that combines the token secret, nonce, and other request based information. The great advantage of OAuth 1 is you never directly pass the token secret across the wire, which completely eliminates the possibility of anyone seeing a password in transit. | ||
| • However, this level of security comes with a price: generating and validating signatures can be a complex process. You have to use specific hashing algorithms with a strict set of steps. | ||
| • OAuth2 sounds like an evolution of OAuth1, but in reality it is a completely different take on authentication that attempts to reduce complexity. OAuth2’s current specification removes signatures, so you no longer need to use cryptographic algorithms to create, generate, and validate signatures. All the encryption is now handled by TLS, which is required. | ||
| • OAuth2 is more challenging than OAuth1a coz of less libraries |
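Review bot: The first bullet's claim that "OAUTH 1.0a is the most secure protocol" is a superlative the text does not back up, and the same bullet says the signature prevents "anyone seeing a password in transit" when what stays off the wire is the token secret. Suggest stating the concrete property instead: each request is signed, so the secret itself is never sent. In the OAuth2 bullet, "All the encryption is now handled by TLS" would be more accurate as a statement that OAuth2 bearer tokens depend on TLS for confidentiality, so a leaked token can be replayed by whoever holds it. The last bullet ("more challenging than OAuth1a coz of less libraries") conflicts with the preceding point that OAuth2 reduces complexity and cites nothing; reword or drop it, and write "because of fewer libraries" if it stays.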
We shall be using OAuth 2.0. Good thing that you read this!
No description provided.