Is there any need of OAuth(2-legged) on HTTPs

Question

Is there any need of OAuth(2-legged) on HTTPs. In 3-legged scenario we use oauth for delegation purpose. but what is the purpose of Oauth(2-legged) over https.

In my scenario I am consumer and also user,so no need of authorization and I use https,https is not replayable and also secure channel. what u say should I use ouath

I am not talking about 3-legged or http

Answer 1

According to oAuth specification, section 11.3,

While OAuth provides a mechanism for verifying the integrity of requests, it provides no guarantee of request confidentiality. Unless further precautions are taken, eavesdroppers will have full access to request content. Service Providers should carefully consider the kinds of data likely to be sent as part of such requests, and should employ transport-layer security mechanisms to protect sensitive resources.

It is clear that if your request does not have secure data e.g user_id=2&messageId=33, than there is no need for https, but in 2-legged scenerio, where you are passing password while getting access token, you must have to use https at that time.

In both cases, either 2-legged or 3-legged, the rule is, when you are updating/fetching secure data (e.g. Credit Card updation, payments, passwords), you must have to use https.