en.wikipedia.org/wiki/Atom_(web_standard)
1 correction found
using OAuth for authentication instead of HTTP Basic Authentication
This overstates the difference from AtomPub. Micropub does use OAuth 2.0 bearer tokens, but AtomPub does not mandate HTTP Basic Authentication as its authentication method.
Full reasoning
The wording implies that AtomPub authenticates with HTTP Basic Authentication, and that Micropub differs by replacing that with OAuth. But the AtomPub specification does not require Basic Authentication as the protocol's authentication method.
RFC 5023 says the type of authentication is a local decision made by the server operator. It adds only that, at a minimum, implementations must be capable of being configured to use HTTP Basic Authentication over TLS for interoperability. The same section explicitly encourages implementers to use alternative mechanisms that are as good or better.
By contrast, the Micropub specification says Micropub uses OAuth 2.0 Bearer Tokens for authentication. So the accurate contrast is: Micropub standardizes OAuth 2.0 bearer-token auth, whereas AtomPub leaves the authentication mechanism open and merely includes Basic-over-TLS as a minimum interoperable baseline.
That makes the article's phrase misleading: it describes AtomPub as if it simply uses HTTP Basic Authentication, which is not what RFC 5023 says.
2 sources
- RFC 5023: The Atom Publishing Protocol
"The type of authentication deployed is a local decision made by the server operator." RFC 5023 also says implementations "MUST be capable of being configured to use HTTP Basic Authentication ... in conjunction with" TLS, and encourages "alternative mechanisms regarded as equivalently good or better."
- W3C Micropub Recommendation
The Micropub spec says: "Micropub uses OAuth 2.0 Bearer Tokens for authentication, rather than the previous insecure username/password authentication method."