### OAuth 1

Es gab ein OAuth 1, das sich stark von OAuth2 unterscheidet und komplexer ist, da es direkte Spezifikationen enthält, wie die Kommunikation verschlüsselt wird.

Heutzutage ist es nicht sehr populär und wird kaum verwendet.

OAuth2 spezifiziert nicht, wie die Kommunikation verschlüsselt werden soll, sondern erwartet, dass Ihre Anwendung mit HTTPS bereitgestellt wird.

/// tip | Tipp

     * the server.
     */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
     * Specifies that communication across the authenticated channel
     * should carry a digital signature (message integrity).
     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */

Then, using the certificate, the client and the TLS Termination Proxy **decide how to encrypt** the rest of the **TCP communication**. This completes the **TLS Handshake** part.

After this, the client and the server have an **encrypted TCP connection**, this is what TLS provides. And then they can use that connection to start the actual **HTTP communication**.

    * the server.
    */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
    * Specifies that communication across the authenticated channel
    * should carry a digital signature (message integrity).
    */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
    * Specifies that communication across the authenticated channel
    * should be encrypted (message confidentiality).
    */

        data[15] = 0x00; // type = 0
        data[16] = 40;
        data[17] = 0;
        data[18] = 0;
        data[19] = 0; // remark offset

        // Entry 2: IPC$, type 3 (IPC), remark "Inter-Process Communication"
        System.arraycopy("IPC$".getBytes(StandardCharsets.US_ASCII), 0, data, 20, 4);
        data[34] = 0x03;
        data[35] = 0x00; // type = 3
        data[36] = 60;
        data[37] = 0;
        data[38] = 0;

Then, the browser will send an HTTP `OPTIONS` request to the `:80`-backend, and if the backend sends the appropriate headers authorizing the communication from this different origin (`http://localhost:8080`) then the `:8080`-browser will let the JavaScript in the frontend send its request to the `:80`-backend.

To achieve this, the `:80`-backend must have a list of "allowed origins".

    private final DcerpcHandle handle;
    private boolean opened;

    /**
     * Creates a new SAM alias handle.
     *
     * @param handle the DCE/RPC handle for communication
     * @param domainHandle the domain handle containing this alias
     * @param access the desired access rights
     * @param rid the relative identifier of the alias

### OAuth 1 { #oauth-1 }

There was an OAuth 1, which is very different from OAuth2, and more complex, as it included direct specifications on how to encrypt the communication.

It is not very popular or used nowadays.

OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.

/// tip

 */
package jcifs.ntlmssp.av;

/**
 * NTLMSSP AV pair representing channel binding information for enhanced security.
 * Used to bind NTLM authentication to specific communication channels.
 *
 * @author mbechler
 */
public class AvChannelBindings extends AvPair {

    /**
     * Constructs an AV channel bindings pair
     * @param channelBindingHash the channel binding hash value

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package jcifs.dcerpc.ndr;

/**
 * Base class for NDR (Network Data Representation) objects used in DCE/RPC communication.
 * This abstract class defines the interface for encoding and decoding NDR data types.
 */
public abstract class NdrObject {

    /**
     * Default constructor for NDR object
     */
    public NdrObject() {