Support for "public" and "confidential" apps

Within this profile we differentiate between two types of apps based upon whether the execution environment within which the app runs enables the app to protect secrets. Pure client-side apps (for example, HTML5/JS browser-based apps, iOS mobile apps, or Windows desktop apps) can provide adequate security, but they can't "keep a secret" in the OAuth2 sense. That is to say, any "secret" key, code, or string that's embedded in the app can potentially be extracted by an end-user or attacker. So security for these apps can't depend on secrets embedded at install-time. For confidential apps, by contrast, security assurance comes from being hosted within a trusted server environment.

Use the confidential app profile

when all of the following apply:

  • App runs on a trusted server
  • App has server-side business logic (e.g. using PHP, Python, Ruby, .NET, etc.)
  • App is able to protect a client_secret

Use the public app profile

when all of the following apply:

  • App runs on an end-user's device (e.g. HTML5/JS in-browser; native iOS, Windows, or Android)
  • App is unable to protect a client_secret
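As an added illustration (not part of the original profile text), the following Python shows how the two profiles differ at the token endpoint: the confidential app proves possession of its client_secret, while the public app can only identify itself, and the authorization server accepts each request only in the form that matches how the client was registered. The HTTP Basic form of client authentication, the registry layout and all ids and secrets are assumptions constructed for this example.

```python
import base64
import hmac
from urllib.parse import parse_qsl, urlencode


def build_token_request(profile, client_id, code, redirect_uri, client_secret=None):
    """Return (headers, body) for the authorization-code token exchange.

    A confidential app authenticates with its client_secret (HTTP Basic,
    RFC 6749 section 2.3.1, assumed here). A public app cannot keep a secret,
    so it only identifies itself with client_id in the body; handing a secret
    to a public app is refused because it would ship in code on the user's device.
    """
    if profile not in ("confidential", "public"):
        raise ValueError(f"unknown app profile: {profile}")
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if profile == "confidential":
        if not client_secret:
            raise ValueError("confidential app must authenticate with its client_secret")
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    else:
        if client_secret is not None:
            raise ValueError("public app must not embed a client_secret")
        body["client_id"] = client_id
    return headers, urlencode(body)


def server_authenticates(registry, headers, body):
    """Authorization-server side: accept the request only in the form that
    matches how the client was registered ("confidential" or "public").
    The registry is a constructed example: {client_id: {"type": ..., "secret": ...}}."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
        reg = registry.get(client_id)
        # Secret compared in constant time; a public client is never registered with one.
        return (reg is not None and reg["type"] == "confidential"
                and hmac.compare_digest(secret, reg["secret"]))
    client_id = dict(parse_qsl(body)).get("client_id")
    reg = registry.get(client_id)
    # No credentials presented: only a registered public client is accepted;
    # a confidential client that omits its secret is refused.
    return reg is not None and reg["type"] == "public"
```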

Within this profile we distinguish two types of app according to whether the environment the app runs in lets the app protect secrets. A purely client-side app can provide adequate security, but it cannot keep a secret in the OAuth 2.0 sense. That is, any secret key embedded in the app can potentially be extracted by an end user or an attacker, so the security of such apps cannot rely on a secret key embedded at install time. Security assurance comes from a trusted server environment.

Use the confidential app profile

when all of the following apply:

  • App runs on a trusted server
  • App has server-side business logic (e.g. using PHP, Python, Ruby, .NET, etc.)
  • App can protect a client_secret

Use the public app profile

when all of the following apply:

  • App runs on an end user's device (e.g. HTML5/JS in-browser; native iOS, Windows, or Android)
  • App cannot protect a client_secret