One-time authorization code

One-time authorization code as used in Yammer's desktop client

A one-time authorization code (OTAC) lets a desktop client of a web application authenticate to that application without ever handling the user's password. The web application generates a unique, short-lived code (a PIN) for a user who is already signed in through the browser; the user types that code into the desktop client, and the client in turn presents the code to the web application to prove it is acting on behalf of that user. This method of authenticating desktop clients has two benefits:

  1. The user's actual username and password are never transmitted over the network by the desktop client application;
  2. The client never has to cache or store the username and password.

A password cached on the desktop can be recovered by anyone who gains access to the machine or its backups, however it is obfuscated. Using an OTAC removes the need to store or cache the user's actual password on the client computer. The code itself still has to be single-use, short-lived, bound to the user who requested it, and sent only over an encrypted connection; otherwise an attacker who observes or guesses a code gets the same access the client would, and whatever credential the client receives in exchange for the code must be protected in its place.

This form of authentication is particularly useful for web applications that have no username/password store of their own and instead rely on SAML for sign-in. SAML web single sign-on works through browser redirects between the application and the identity provider, so a desktop client that is not a browser cannot complete a SAML login on its own. Instead, the user signs in through the browser as usual, the web application issues a one-time authorization code, and the client application uses that code to authenticate itself to the web application.
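The exchange described above (the web application issuing a code to a browser-authenticated user, the desktop client redeeming it, and the code being discarded on first use or on expiry) as an added example in Python. This is illustrative code written for this article, not Yammer's or any other product's implementation. It assumes a five-minute code lifetime, a 16-character hexadecimal code, an in-process method call standing in for the HTTPS request the client would really make, and that `issue_code` is called only after the user has completed the browser (for example SAML) login; all of these are assumptions of the example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
CODE_BYTES = 8           # assumption: 8 random bytes -> 16 hex characters


@dataclass
class PendingCode:
    user_id: str
    expires_at: float


class WebApplication:
    """Server side: issues one-time codes and exchanges them for client tokens."""

    def __init__(self):
        # Only a hash of each outstanding code is stored, so a leaked table
        # does not hand out live codes.  Keyed by hash -> PendingCode.
        self._pending = {}
        self._tokens = {}   # token -> user_id

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def issue_code(self, user_id, now=None):
        # Assumed to be called only for a user already authenticated in the
        # browser (e.g. after SAML sign-in); the code is bound to that identity.
        now = time.time() if now is None else now
        code = secrets.token_hex(CODE_BYTES)
        self._pending[self._digest(code)] = PendingCode(user_id, now + CODE_TTL_SECONDS)
        return code

    def redeem_code(self, code, now=None):
        """Exchange a code for a bearer token; returns None on any failure."""
        now = time.time() if now is None else now
        # pop() makes the code single-use: a second attempt, valid or not,
        # finds nothing to redeem.
        pending = self._pending.pop(self._digest(code), None)
        if pending is None:
            return None
        if now > pending.expires_at:
            return None   # expired codes are discarded, never honoured late
        token = secrets.token_urlsafe(32)
        self._tokens[token] = pending.user_id
        return token

    def authenticate(self, token):
        """Resolve a client token to a user id, or None if unknown."""
        return self._tokens.get(token)


class DesktopClient:
    """Client side: holds only the exchanged token, never a password."""

    def __init__(self, app):
        self._app = app        # stands in for the HTTPS endpoint of the web app
        self._token = None

    def login_with_code(self, code_typed_by_user, now=None):
        # Users paste codes with stray whitespace; normalise before sending.
        self._token = self._app.redeem_code(code_typed_by_user.strip(), now=now)
        return self._token is not None

    def whoami(self):
        return self._app.authenticate(self._token) if self._token else None


if __name__ == "__main__":
    app = WebApplication()
    code = app.issue_code("alice")          # shown to alice in the browser
    client = DesktopClient(app)
    print("login ok:", client.login_with_code(code), "as", client.whoami())
    print("replay ok:", client.login_with_code(code))   # False: single use
```

The client only ever sees the code and the token it receives in return, which is the property the article describes; the token is now the secret worth protecting on the desktop, and the server can revoke it independently of the user's password.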

Web Applications that utilize One Time Authorization Codes