Difference between OAUTH authorization and OpenAM authorization

Question

I am new to security domain, so don't know whether this question is valid to be asked here. I am currently using OpenAM for the security of my web application with J2ee agent, now I find that OpenAM can do authorization with OAUTH as well as on the basis policies defined, now both openam and oauth develops tokens for valid users, and do not share user credential with the application, so how different are the two? My second question is if my application does not support oauth like google and facebook what basic things I need to do to implement oauth into my application.

Answer 1

OpenAM supports OAuth based authorization if that is what your confusion is about. It also supports

1) OpenID Connect 2) SAML

Your application can use either of these to get authorization from OpenAM. Your application can also use the REST APIs for this purpose. The choice is yours.

As far as the tokens go, OAuth tokens are different from OpenAM Tokens. OAuth tokens include

1) refresh_token 2) access_token

The access_token is used for making oauth based calls. However, OpenAM tokens are basically what is there in the cookie or what you get via the REST API.

Regarding your second question, to support OAuth, you would need to use a oauth client library and enable oauth on the server side (in this case OpenAM). This client library would be dependent on the language you choose to write this application.