Early-bird Discount
expires in
Register Now


Business to Business (B2B) Delegated Client Authorisation Using OAuth 2.0

Business to Business (B2B) Delegated Client Authorisation Using OAuth 2.0

Combined Session
Wednesday, June 05, 2024 14:30—14:50
Location: A 03-04
Watch the video
Log in to download presentations

With the growing exposure of digital services and assets through application programming interfaces (APIs) and the emergence of the API Economy, entire business models are starting to be built around APIs. Increasingly, APIs are designed to be used externally as part of an organisation’s service delivery model.

The adoption of the OAuth protocol has allowed consumer-to-business (C2B) integrations to authorise access to APIs in a standardised way. However, business-to-business (B2B) integrations using OAuth are now rapidly growing, and as API ecosystems become more complex, there is an urgent need for further standardisation. Although OAuth supports direct B2B integration, there is no standard way to implement delegated B2B authorisation because OAuth delegation was primarily designed for C2B integration where the resource owner is an individual consumer.

There are use cases where, for an online business to provide services to their customers, they need authorised access to resources owned by the customer organisation at third-party resource providers.

In this session, we will explore how OAuth and its extensions, such as rich authorisation requests and token exchange grant types, can be used to allow a resource owner client to dynamically delegate access to its resources to another client using delegated B2B authorisation.

The presentation will cover the following topics:

  • Business use case for B2B delegated authorisation
  • Brief overview of the OAuth 2.0 protocol
  • Proposed enhancements to the OAuth 2.0 standard to achieve interoperable B2B delegated authorisation
  • Security considerations
Igor Janicijevic
Principal Engineer, Digital Access
National Australia Bank
Igor Janicijevic is Principal Engineer at National Australia Bank (NAB), where he focuses on digital identity and access management. Prior to NAB he spent 15 years at SecureNet / Betrusted /...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch